certbot申请免费SSL证书

[root@test xa]# cat xinanqm.com.sh
certbot certonly \
--email luofeng@scotec.net \
--agree-tos \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual \
-d *.xinanqm.com

2修改DNS解析商处TXT解析值

 3同步证书到nginx服务器

[root@test xa]# cat renew_cert.sh
#!/bin/bash

#/home/xa/certbot-auto renew >> /tmp/renew.log
#sleep 10

ansible static -m synchronize -a "src=/etc/letsencrypt dest=/etc/"
ansible php -m synchronize -a "src=/etc/letsencrypt dest=/etc/"
ansible appconf -m synchronize -a "src=/etc/letsencrypt dest=/etc/"
sleep 5
ansible static -m shell -a "systemctl reload nginx.service"
ansible static -m shell -a "systemctl reload nginx.service"
ansible php -m shell -a "systemctl reload nginx.service"
ansible php -m shell -a "systemctl reload nginx.service"
ansible appconf -m shell -a "systemctl reload nginx.service"
ansible appconf -m shell -a "systemctl reload nginx.service"

添加计划任务

27 11 * * * /bin/bash /home/xa/renew_cert.sh > /dev/null 2>&1