Ssl-Certificate

certbot 萬用字元 cert 不是萬用字元

  • May 18, 2022

我做了以下事情:

sh-3.2# certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.someDomainlab.com

並得到了結果:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/someDomainlab.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/someDomainlab.com/privkey.pem
This certificate expires on 2022-08-16.
These files will be updated when the certificate renews.

但是,當我基於此連結測試萬用字元時,我得到以下結果:

CN=someDomainlab.com

這告訴我它不是萬用字元。我在 _acme-challenge.someDomainlab.com 上進行了探勘,結果返回了 certbot 告訴我要添加的內容。

我錯過了什麼?

編輯:

在 ssl_error.log 中,當我執行測試命令時看到這一行:

[Wed May 18 12:52:23.763857 2022] [core:debug] [pid 7607] protocol.c(1447): [client 192.168.183.1:51660] AH00566: request failed: malformed request line

您需要引用域,因此 shell 不會嘗試在*.someDomainlab.com. 像這樣使用-d '*.someDomainlab.com'

sh-3.2# certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.someDomainlab.com'

引用自:https://serverfault.com/questions/1101249