SSL Automatic Renewal

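Prerequisites

  • A Linux distribution (CentOS-like system)
  • yum as the package manager
  • nginx already installed
  • This walkthrough covers one server, one domain, and multiple subdomains

Initial manual steps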

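# Install the two packages certbot and python3-certbot-nginx
sudo yum install -y certbot python3-certbot-nginx

# Run the command that creates the certificate
# first -d: the domain
# second -d: the wildcard domain (quoted so the shell does not expand the *)
sudo certbot certonly --manual --preferred-challenges=dns -d webra.top -d '*.webra.top'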
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel):  # enter your email address here and press Enter
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: # enter Y here to accept the terms
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: # enter N here to decline emails about news and events
Account registered.
Requesting a certificate for webra.top and *.webra.top

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.webra.top. # this is the host record

with the following value:

xxxx-xxxxxxxxx-xx-xxxxxxxxxxxxxxxxxxxxx   # this is the record value
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
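Press Enter to Continue
# Do not press Enter yet. Go to the cloud platform where the domain was purchased and open its DNS settings
# Record type: TXT
# Host record: _acme-challenge
# Record value: xxxx-xxxxxxxxx-xx-xxxxxxxxxxxxxxxxxxxxx
# Save and confirm the record
# Then open: https://toolbox.googleapps.com/apps/dig/
# On that site enter: _acme-challenge.webra.top # replace the domain with your own
# Then select the type: TXT
# When the record value you entered appears at the bottom of the page, the record is live
# Then return to the server terminal and press Enter to continue
# The following output means it succeeded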
Waiting for verification...
Cleaning up challenges

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/webra.top/fullchain.pem # SSL certificate path
Key is saved at:         /etc/letsencrypt/live/webra.top/privkey.pem # SSL private key path
This certificate expires on 2025-08-14. # expiry date
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
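
The TXT check done above in the web dig tool can also be run from a second terminal while certbot waits at "Press Enter to Continue". This is an added example, not part of the original post; it assumes `dig` is installed, and the function names and the RESOLVER, TRIES and DELAY variables are hypothetical. It accepts several values in case certbot prompts for a second value under the same record name.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the
# RESOLVER/TRIES/DELAY variables are assumptions made for illustration.

# Read `dig +short TXT` output on stdin and succeed only when every
# expected value is present as an exact, whole-line match.
txt_has_values() {
    [ "$#" -ge 1 ] || return 2          # nothing to check is an error
    answers=$(tr -d '"')                # dig wraps each TXT string in quotes
    for want in "$@"; do
        printf '%s\n' "$answers" | grep -Fxq -- "$want" || return 1
    done
    return 0
}

# Query _acme-challenge.<domain> at a public resolver, not the local cache.
check_acme_txt() {
    domain=$1; shift
    dig +short TXT "_acme-challenge.${domain}" "@${RESOLVER:-8.8.8.8}" \
        | txt_has_values "$@"
}

# Poll until the record is visible or the attempts run out.
wait_acme_txt() {
    tries=${TRIES:-10}
    while [ "$tries" -gt 0 ]; do
        if check_acme_txt "$@"; then
            echo "TXT record visible at the resolver"
            return 0
        fi
        tries=$((tries - 1))
        sleep "${DELAY:-30}"
    done
    echo "TXT record not visible yet: do not continue in certbot" >&2
    return 1
}

# Usage while certbot waits (the value is the placeholder from the output above):
#   wait_acme_txt webra.top 'xxxx-xxxxxxxxx-xx-xxxxxxxxxxxxxxxxxxxxx'
```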


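Subsequent automatic configuration

  • Docker is already installed
  • Docker can reach Docker Hub
  • Docker is used because the local environment can cause all kinds of problems
  • The automatic configuration example here uses an Alibaba Cloud domain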