ref:

https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html

https://community.letsencrypt.org/t/getting-wildcard-certificates-with-certbot/56285

0.准备

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

要求：certbot 0.22以上

开始使用

1.通配符证书申请

./certbot-auto certonly --manual -d *.mking007.com -d example.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

申请过程中需要修改DNS的TXT记录

验证TXT记录：

dig _acme-challenge.mking007.com txt

2.单域名证书申请

./certbot-auto certonly --manual -d *.example.com

验证

Make sure your web server displays the following content at

http://test.example.com/.well-known/acme-challenge/N4mCfskoOSX_7ikZDoEH3iyIqFAUg4Kdg36ecpeUwkw before continuing:

N4mCfskoOSX_7ikZDoEH3iyIqFAUg4Kdg36ecpeUwkw.J7NHjRSPwMW99A2XJv49FTnNu-MSCCebRjccMFZVRic

If you don't have HTTP server configured, you can run the following

command on the target server (as root):

mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge

cd /tmp/letsencrypt/public_html

printf "%s" N4mCfskoOSX_7ikZDoEH3iyIqFAUg4Kdg36ecpeUwkw.J7NHjRSPwMW99A2XJv49FTnNu-MSCCebRjccMFZVRic > .well-known/acme-challenge/N4mCfskoOSX_7ikZDoEH3iyIqFAUg4Kdg36ecpeUwkw

# run only once per server:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c 

"import BaseHTTPServer, SimpleHTTPServer; 

s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); 

s.serve_forever()"

Press ENTER to continue

关键词：

域名通配符
Lets Encrypt
Wildcard Certificate
Acmev2
Https
Ssl Certificate