certbot certonly \
--authenticator dns-azure \
--preferred-challenges dns \
--noninteractive \
--agree-tos \
--email ssli@redhat.com \
--domains reborncodinglife.com \
--dns-azure-config /root/azure.ini
如果想申请通配符的证书,将–domains选项修改为:
--domains 'reborncodinglife.com,*.reborncodinglife.com'
生成的证书可以给子域名比如sub1.reborncodinglife.com或者sub2.reborncodinglife.com使用。
certbot certificates
openssl x509 -noout -text -in tower.cert
openssl req -noout -text -in tower.csr
# openssl verify tower.cert
tower.cert: OK
openssl rsa -noout -text -in tower.key
# openssl x509 -noout -modulus -in tower.cert | openssl md5
(stdin)= 3da996241erv07b0ebe1a99123aa0544
# openssl rsa -noout -modulus -in tower.key | openssl md5
(stdin)= 3da996241erv07b0ebe1a99123aa0544
LEo at 00:12