0. Reading notes

1. Requesting a wildcard domain certificate with certbot

Official help documentation (currently no longer accessible): https://certbot.eff.org/lets-encrypt/centosrhel7-nginx

For example, the wildcard domain is: *.dev.wabiwabo.com

> certbot certonly -d '*.dev.wabiwabo.com' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

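Note: to request a wildcard certificate you must add a DNS record as prompted in the console. Only after the record has been added can you continue to the next step and generate the wildcard certificate.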

Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit <https://certbot.eff.org/> to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for dev.wabiwabo.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.dev.wabiwabo.com with the following value:

1OXJ8gaX8IfP10DokRN0k9WtcEvaY7egQ1D4czMRnc8

The prompt above asks you to add a TXT record that resolves _acme-challenge.dev.wabiwabo.com to 1OXJ8gaX8IfP10DokRN0k9WtcEvaY7egQ1D4czMRnc8

Note (2022/9/25): certbot-auto currently no longer provides Nginx

Once the DNS record has taken effect, press Enter in the console to continue

Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/dev.wabiwabo.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/dev.wabiwabo.com/privkey.pem
   Your cert will expire on 2022-12-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   <https://letsencrypt.org/donate>
   Donating to EFF:                    <https://eff.org/donate-le>

At this point the domain certificate has been generated successfully.
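
The wait for the DNS record in the step above can be checked rather than guessed. The following is an added example, not part of the original page: a POSIX shell check that every authoritative nameserver already serves the TXT value before you press Enter. It assumes `dig` is installed and that the zone passed in (assumed here to be wabiwabo.com) is the one hosting the record; the function and variable names are illustrative.

```shell
# Added example, not from the original page. Assumes `dig` is installed and
# that ZONE is the DNS zone whose nameservers host the challenge record.
DIG=${DIG:-dig}   # overridable so the check can be exercised offline

# txt_has_value VALUE: reads `dig +short TXT` output on stdin (one quoted
# string per line) and succeeds if any record equals VALUE exactly.
txt_has_value() {
    thv_want=$1
    while IFS= read -r thv_rec; do
        thv_rec=${thv_rec#\"}
        thv_rec=${thv_rec%\"}
        [ "$thv_rec" = "$thv_want" ] && return 0
    done
    return 1
}

# challenge_ready ZONE NAME VALUE: asks every authoritative nameserver of ZONE
# for the TXT records at NAME. Returns 0 only when all of them serve VALUE,
# 1 when at least one does not yet, 2 when no nameserver could be found.
challenge_ready() {
    cr_zone=$1 cr_name=$2 cr_value=$3 cr_missing=0
    cr_servers=$($DIG +short NS "$cr_zone")
    [ -n "$cr_servers" ] || { echo "no NS records for $cr_zone" >&2; return 2; }
    for cr_ns in $cr_servers; do
        if $DIG +short TXT "$cr_name" "@$cr_ns" | txt_has_value "$cr_value"; then
            echo "ok      $cr_ns"
        else
            echo "missing $cr_ns"
            cr_missing=1
        fi
    done
    return "$cr_missing"
}

# Usage: sh check.sh wabiwabo.com _acme-challenge.dev.wabiwabo.com <TXT value>
if [ "$#" -eq 3 ]; then
    challenge_ready "$1" "$2" "$3"
fi
```

The comparison is exact, so a stale value left over from an earlier attempt at the same name does not count as a match.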

2. Certificate location

After the certificate has been generated successfully, it is stored under the path /etc/letsencrypt/live/{domain}/