{"id":563,"date":"2025-09-16T21:18:55","date_gmt":"2025-09-16T13:18:55","guid":{"rendered":"https:\/\/blog.zhouhonghe.com\/?p=563"},"modified":"2025-12-29T16:58:22","modified_gmt":"2025-12-29T08:58:22","slug":"linux%e4%bd%bf%e7%94%a8certbot%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0lets-encrypt%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/blog.zhouhonghe.com\/?p=563","title":{"rendered":"\u4f7f\u7528Certbot\u81ea\u52a8\u66f4\u65b0Let's encrypt\u8bc1\u4e66"},"content":{"rendered":"

Certbot\u5b89\u88c5<\/strong><\/p>\n

https:\/\/certbot.eff.org\/instructions?ws=nginx&os=pip<\/a><\/p>\n

\u9632\u706b\u5899\u8fdb\u884c\u51fa\u7ad9\u653e\u901a<\/strong><\/p>\n

\u7f16\u8f91\u811a\u672c
\nsudo vi \/usr\/local\/bin\/ufw-letsencrypt.sh<\/code><\/p>\n

#!\/bin\/bash<\/p>\n

# Let's Encrypt \u76f8\u5173\u57df\u540d
\nDOMAINS=(
\n\"acme-v02.api.letsencrypt.org\"
\n\"acme-staging-v02.api.letsencrypt.org\"
\n# \"ocsp.int-x3.letsencrypt.org\"
\n# \"certificates.letsencrypt.org\"
\n)<\/p>\n

RULE_COMMENT=\"LETSENCRYPT_$(date +%Y%m%d)\"<\/p>\n

# \u5220\u9664\u65e7\u7684 Let's Encrypt \u89c4\u5219
\nOLD_RULES=$(sudo ufw status numbered | grep \"LETSENCRYPT\" | awk '{print $NF}')
\nif [ -n \"$OLD_RULES\" ]; then
\nwhile read -r ip; do
\necho \"\u5220\u9664\u65e7\u89c4\u5219: $ip\"
\nsudo ufw delete allow out to \"$ip\" 2>\/dev\/null
\ndone <<< \"$OLD_RULES\"
\nfi<\/p>\n

# \u4e3a\u6bcf\u4e2a\u57df\u540d\u6dfb\u52a0\u89c4\u5219
\nfor domain in \"${DOMAINS[@]}\"; do
\necho \"\u5904\u7406\u57df\u540d: $domain\"
\nIPS=$(getent ahosts \"$domain\" | awk '{print $1}' | sort -u)<\/p>\n

if [ -n \"$IPS\" ]; then
\nwhile read -r ip; do
\necho \"\u5141\u8bb8\u51fa\u7ad9\u8bbf\u95ee: $ip ($domain)\"
\nsudo ufw allow out to \"$ip\" comment \"$RULE_COMMENT - $domain\"
\ndone <<< \"$IPS\"
\nelse
\necho \"\u8b66\u544a: \u65e0\u6cd5\u89e3\u6790\u57df\u540d $domain\"
\nfi
\ndone<\/p>\n

echo \"Let's Encrypt \u89c4\u5219\u66f4\u65b0\u5b8c\u6210\"<\/em><\/p>\n

\u66f4\u65b0\u8fd0\u884c\u6743\u9650
\nsudo chomd +x \/usr\/local\/bin\/ufw-letsencrypt.sh<\/code><\/p>\n

\u5b9a\u65f6\u8fd0\u884c
\nsudo crontab -e<\/code>
\n 0 2 * * 1 \/usr\/local\/bin\/ufw-letsencrypt.sh >\/dev\/null 2>&1<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Certbot\u5b89\u88c5 https:\/\/certbot.eff.org\/instructions?ws=nginx […]<\/p>... ","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-563","post","type-post","status-publish","format-standard","hentry","category-others"],"_links":{"self":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts\/563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=563"}],"version-history":[{"count":11,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts\/563\/revisions"}],"predecessor-version":[{"id":650,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts\/563\/revisions\/650"}],"wp:attachment":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}