概述
之前写了一篇“配置https服务器系列之二:windows服务器配置letsencrypt证书”,后来发现配置多个子域名会有问题。说说之前的解决方案:简单粗暴的分多次操作分别生成多个证书。这其实也没问题,问题在于:每当操作一次,他的定时自动更新任务就会删除以前所有的任务,只保留最后那个任务。比如你先生成了yourdomain.com,然后生成www.yourdomain.com,最后只有www.yourdomain.com会得到自动更新,而前面的yourdomain.com不会得到自动更新,这就有问题。
然后我一直在论坛寻找解决方法,什么keepexites都试了,没什么用,最后经过多方搜索,还是让我找到了真正的解决方案,感谢这篇文章的作者:
http://www.cnblogs.com/silin6/p/5931640.html。
下面贴下cmd:
C:letsencrypt-win-simple>letsencrypt.exe --san
Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting
ACME Server: https://acme-v01.api.letsencrypt.org/
Config Folder: C:UsersAdministratorAppDataRoamingletsencrypt-win-simplehtt
psacme-v01.api.letsencrypt.org
Certificate Folder: C:UsersAdministratorAppDataRoamingletsencrypt-win-simpl
ehttpsacme-v01.api.letsencrypt.org
Getting AcmeServerDirectory
Enter an email address (not public, used for renewal fail notices): xxx@xx.c
om
Calling Register
Do you agree to https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
? (Y/N)Y
Updating Registration
Saving Registration
Saving Signer
Scanning IIS Sites
IIS Version not found in windows registry. Skipping scan.
No targets found.
W: Generate a certificate via WebDav and install it manually.
S: Generate a single San certificate for multiple sites.
F: Generate a certificate via FTP/ FTPS and install it manually.
M: Generate a certificate manually.
A: Get certificates for all hosts
Q: Quit
Which host do you want to get a certificate for: M
Enter a host name: yourdomain.com
Enter all Alternative Names seperated by a comma yourdomain.com,www.yourdomain.c
om
Enter a site path (the web root of the host for http authentication): C:server
nginxxx
Authorizing Identifier yourdomain.com Using Challenge Type http-01
Writing challenge answer to C:servernginxca.well-known/acme-challenge/a9OHr
dhgVyi7Js40H8dwYHGgWtHgAPgq5JcYPppBi6E
Answer should now be browsable at http://yourdomain.com/.well-known/acme-challe
nge/a9OHrdhgVyi7Js40H8dwYHGgWtHgAPgq5JcYPppBi6E
Submitting answer
Refreshing authorization
Authorization Result: valid
Authorizing Identifier www.yourdomain.com Using Challenge Type http-01
Writing challenge answer to C:servernginxca.well-known/acme-challenge/YCgZe
Vn6be7dKyKqB2YmKWSEZx_6U34HNGqCMpbOlxQ
Answer should now be browsable at http://www.yourdomain.com/.well-known/acme-ch
allenge/YCgZeVn6be7dKyKqB2YmKWSEZx_6U34HNGqCMpbOlxQ
Submitting answer
Refreshing authorization
Refreshing authorization
Authorization Result: valid
Requesting Certificate
Request Status: Created
Saving Certificate to C:UsersAdministratorAppDataRoamingletsencrypt-win-si
mplehttpsacme-v01.api.letsencrypt.orgyourdomain.com-crt.der
Saving Issuer Certificate to C:UsersAdministratorAppDataRoamingletsencrypt
-win-simplehttpsacme-v01.api.letsencrypt.orgca-0A0141420000015385736A0B85ECA70
8-crt.pem
Saving Certificate to C:UsersAdministratorAppDataRoamingletsencrypt-win-si
mplehttpsacme-v01.api.letsencrypt.orgyourdomain.com-all.pfx
Opened Certificate Store "My"
Adding Certificate to Store
Closing Certificate Store
WARNING: Unable to configure server software.
Opened Certificate Store "My"
Removing Certificate from Store yourdomain.com 2016/11/29 9:8:56 下午
Closing Certificate Store
Do you want to replace the existing letsencrypt-win-simple httpsacme-v01.api.let
sencrypt.org task? (Y/N)Y
Deleting existing Task letsencrypt-win-simple httpsacme-v01.api.letsencrypt.org
from Windows Task Scheduler.
Creating Task letsencrypt-win-simple httpsacme-v01.api.letsencrypt.org with Win
dows Task Scheduler at 9am every day.
Do you want to specify the user the task will run as? (Y/N)N
Removing existing scheduled renewal Manual yourdomain.com (C:servernginxxx)
Renew After 2017/1/28
Renewal Scheduled Manual yourdomain.com (C:servernginxxx) Renew After 2017/1
/28
Press enter to continue.
到这里就设置好了,他只生成一套名为yourdomain.com的证书文件,这个证书文件可以用于你之前设定的各个子域名。更新的时候也只更新这一个即可。会自动更新。
最后
以上就是积极草莓为你收集整理的配置https服务器系列之三:windows服务器配置letsencrypt证书,多子域名配置的全部内容,希望文章能够帮你解决配置https服务器系列之三:windows服务器配置letsencrypt证书,多子域名配置所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复