{"id":2010,"date":"2018-03-20T00:00:25","date_gmt":"2018-03-19T16:00:25","guid":{"rendered":"https:\/\/cloudbool.com\/archive\/?p=381"},"modified":"2018-03-20T00:00:25","modified_gmt":"2018-03-19T16:00:25","slug":"certbot-issue-ecc-wildcard-certificate","status":"publish","type":"post","link":"https:\/\/cloudbool.com\/archive\/certbot-issue-ecc-wildcard-certificate.html","title":{"rendered":"Requesting a Let&#8217;s Encrypt ECC wildcard certificate with Certbot"},"content":{"rendered":"<p>I previously wrote about <a href=\"https:\/\/cloudbool.com\/archive\/post\/use-certbot-issue-lets-encrypt-ssl-certificate-vultr-bandwagonhost.html\">using Certbot to request a Let&#8217;s Encrypt SSL certificate<\/a>; at that time it was for a single domain. Wildcard certificates can now be requested, and since tinkering never stops as long as you live, I tinkered a bit and obtained a Let&#8217;s Encrypt ECC wildcard certificate.<br \/>\n<!--more--><br \/>\nFor downloading and installing certbot, see: <a href=\"https:\/\/cloudbool.com\/archive\/post\/use-certbot-issue-lets-encrypt-ssl-certificate-vultr-bandwagonhost.html\">Using Certbot to request a Let&#8217;s Encrypt SSL certificate<\/a>.<br \/>\nUnlike the earlier single-domain request, we now need to generate the ECC CSR file ourselves before requesting the ECC certificate. The steps are below.<br \/>\nFirst, generate the key:<\/p>\n<pre><code>[root@elsenow-virmach src]# openssl ecparam -genkey -name secp384r1 | openssl ec -out elsenow-ecc.key\nread EC key\nwriting EC key\n<\/code><\/pre>\n<p>Then use the generated key to create the CSR:<\/p>\n<pre><code>[root@elsenow-virmach src]# openssl req -new -sha256 -key elsenow-ecc.key 
-nodes -out elsenow-ecc.csr -outform pem\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [XX]:CN\nState or Province Name (full name) []:Guangdong\nLocality Name (eg, city) [Default City]:Shenzhen\nOrganization Name (eg, company) [Default Company Ltd]:\nOrganizational Unit Name (eg, section) []:\nCommon Name (eg, your name or your server's hostname) []:*.xxx.win\nEmail Address []:admin@xxx.win\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\nAn optional company name []:\n[root@elsenow-virmach src]# ls\ncertbot-auto  elsenow-ecc.csr  elsenow-ecc.key\n<\/code><\/pre>\n<h2>Issuing a Let&#8217;s Encrypt wildcard ECC certificate with certbot<\/h2>\n<p>Next, use the generated CSR file to request the Let&#8217;s Encrypt ECC certificate:<\/p>\n<pre><code>[root@elsenow-virmach src]# .\/certbot-auto certonly --csr elsenow-ecc.csr --manual --preferred-challenges dns --server https:\/\/acme-v02.api.letsencrypt.org\/directory\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nPlugins selected: Authenticator manual, Installer None\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel): admin@xxx.win\n-------------------------------------------------------------------------------\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. 
You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n-------------------------------------------------------------------------------\n(A)gree\/(C)ancel: A\n-------------------------------------------------------------------------------\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n-------------------------------------------------------------------------------\n(A)gree\/(C)ancel: A\n-------------------------------------------------------------------------------\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about EFF and\nour work to encrypt the web, protect its users and defend digital rights.\n-------------------------------------------------------------------------------\n(Y)es\/(N)o: N\nPerforming the following challenges:\ndns-01 challenge for xxx.win\n-------------------------------------------------------------------------------\nNOTE: The IP of this machine will be publicly logged as having requested this\ncertificate. 
If you're running certbot in manual mode on a machine that is not\nyour server, please ensure you're okay with that.\nAre you OK with your IP being logged?\n-------------------------------------------------------------------------------\n(Y)es\/(N)o: Y\n-------------------------------------------------------------------------------\nPlease deploy a DNS TXT record under the name\n_acme-challenge.xxx.win with the following value:\nF82ZfL2Q07AiE8rE1CFoSAZUSELcowTWUhunesGqzwM  ### At this step, add a TXT record at your DNS provider\nBefore continuing, verify the record is deployed.\n-------------------------------------------------------------------------------\nPress Enter to Continue\nWaiting for verification...\nCleaning up challenges\nServer issued certificate; certificate written to \/usr\/local\/src\/0000_cert.pem\nCert chain written to &lt;fdopen&gt;\nCert chain written to &lt;fdopen&gt;\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/usr\/local\/src\/0001_chain.pem\n   Your cert will expire on 2018-06-17. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot-auto\n   again. To non-interactively renew *all* of your certificates, run\n   \"certbot-auto renew\"\n - Your account credentials have been saved in your Certbot\n   configuration directory at \/etc\/letsencrypt. You should make a\n   secure backup of this folder now. 
This configuration directory will\n   also contain certificates and private keys obtained by Certbot so\n   making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n[root@elsenow-virmach src]# ls\n0000_cert.pem  0000_chain.pem  0001_chain.pem  certbot-auto  elsenow-ecc.csr  elsenow-ecc.key\n<\/code><\/pre>\n<p>update:2018-03-29<\/p>\n<h2>Issuing a single-domain ECC certificate with certbot<\/h2>\n<p>Requesting a single-domain Let&#8217;s Encrypt ECC certificate is much the same as the wildcard case: in the CSR generation step, just enter the single domain as the FQDN, then point certbot at the generated CSR file and the certificate can be issued:<\/p>\n<pre><code>.\/certbot certonly --csr=elsenow-ecc.csr\n<\/code><\/pre>\n<p>Below is the result viewed in the browser after setting it up with Nginx:<br \/>\n<img decoding=\"async\" src=\"https:\/\/cloudbool.com\/archive\/wp-content\/uploads\/2018\/03\/letsencrypt-wildcard-ecc-certificate.png\" alt=\"letsencrypt-wildcard-ecc-certificate\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I previously wrote about using Certbot to request a Let&#8217;s Encrypt SSL certificate; at that time it was for a single domain. Now wildcard &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/cloudbool.com\/archive\/certbot-issue-ecc-wildcard-certificate.html\"> <span class=\"screen-reader-text\">Requesting a Let&#8217;s Encrypt ECC wildcard certificate with Certbot<\/span> Read more 
&raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[183],"tags":[100],"class_list":["post-2010","post","type-post","status-publish","format-standard","hentry","category-more","tag-ssl"],"_links":{"self":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/posts\/2010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/comments?post=2010"}],"version-history":[{"count":0,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/posts\/2010\/revisions"}],"wp:attachment":[{"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/media?parent=2010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/categories?post=2010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudbool.com\/archive\/wp-json\/wp\/v2\/tags?post=2010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}