LNMP 1.5已经添加了对通配符证书的支持,生成通配符证书和Let'sEncrypt平常SSL证书命令有些差异(通配符证书命令是 lnmp dnsssl 域名dns服务商简称,普通证书是lnmp ssl add),最好是使用域名DNS服务商的API,这样才能实现自动续期。首先获取域名DNS服务商API。
dnspod API地址:
https://www.dnspod.cn/console/user/security
执行命令:
#你的dnspod API ID与KEY
export DP_Id="123456"
export DP_Key="ABCDEFG1234567890"
添加命令:
lnmp dnsssl dp 或 lnmp dns dp
提示以下信息,根据自己需要选择
[root@host2 ~]# lnmp dns dp
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: www.lnmp.org): gengjian.net
Your domain: gengjian.net
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for domain gengjian.net: /home/wwwroot/gengjian.net
Allow Rewrite rule? (y/n) n
You choose rewrite: none
Allow access log? (y/n) n
Disable access log.
Enable PHP Pathinfo? (y/n) n
Disable pathinfo.
Starting create SSL Certificate use Let's Encrypt...
提示Let's Encrypt SSL Certificate create successfully表示成功。
最后使用以下命令重启nginx即可。
/etc/init.d/nginx restart