由 quzery 使用 官方 Snap 安装最新 Certbot
sudo apt remove certbot -y
sudo apt update
sudo apt install snapd -y
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot运行手动 DNS 验证
sudo certbot certonly --manual --preferred-challenges dns -d quzery.com -d '*.quzery.com'证书目录
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/quzery.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/quzery.com/privkey.pem
This certificate expires on 2025-12-18.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.自动续约
方案一(推荐):给 quzery.com 加 A 记录(最简单) !!!不能使用通配符
类型:A
主机记录:@ 值:<你这台服务器的公网 IPv4> TTL:600
certbot certonly --nginx -d quzery.com
输出
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/quzery.com-0001/fullchain.pem
Key is saved at: /etc/letsencrypt/live/quzery.com-0001/privkey.pem
This certificate expires on 2026-03-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sed -i 's#/etc/letsencrypt/live/quzery.com-0001/#/etc/letsencrypt/live/quzery.com/#g' /etc/nginx/conf.d/*.conf && nginx -t && systemctl reload nginx