./certbot-auto -v (lowercase)
./certbot-auto --nginx certonly
Fix for the error nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory):
./certbot-auto --nginx --nginx-server-root=/usr/local/nginx/conf certonly
---------------------------------------------------------------------------
Installing certbot-auto on CentOS
Getting Let's Encrypt
## Download
wget https://dl.eff.org/certbot-auto
## Make it executable
chmod a+x certbot-auto
Run the automatic deployment
./certbot-auto (this will again report that nginx.conf cannot be found; use the fix above)
-----------------------------------------------------------
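Requesting a wildcard SSL certificate for *.91city.com
./certbot-auto certonly -d "*.91city.com" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
You are asked whether you agree to the Let's Encrypt agreement.
You are asked whether to bind the domain name to the machine (IP).
You must confirm and agree before you can continue.
Keep reading the command-line output; this part is critical: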
Please deploy a DNS TXT record under the name
_acme-challenge.91city.com with the following value:
2_8KBE_jXH8nYZ2unEViIbW52LhIqxkg6i9mcwsRvhQ
Before continuing, verify the record is deployed.
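You are required to configure a DNS TXT record so that domain ownership can be verified, that is, to determine whether the certificate applicant owns the domain.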
$ dig -t txt _acme-challenge.91city.com @8.8.8.8
yum -y install bind-utils (run this if the dig command is not available)
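The dig check above can be scripted so that you only continue once the resolver returns the exact value certbot printed. This is an added example, not part of the original notes; the function names and the script name check_txt.sh are hypothetical, and the stale record in the sample is constructed.

```bash
#!/bin/sh
# Added example (not from the original notes); function names are hypothetical.
# Checks that the _acme-challenge TXT value is visible before certbot continues.

# normalize_txt: read `dig +short -t txt` output on stdin and print one
# unquoted value per line, joining multi-chunk records ("abc" "def" -> abcdef).
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_value EXPECTED: succeed only if one TXT record on stdin equals
# EXPECTED exactly (whole-line, fixed-string match; -e protects a leading "-").
txt_has_value() {
    [ -n "$1" ] || return 2
    normalize_txt | grep -Fxq -e "$1"
}

# wait_for_txt NAME EXPECTED [RESOLVER] [TRIES]: poll the resolver until the
# value appears. 8.8.8.8 is the resolver used in the notes above.
wait_for_txt() {
    name=$1; expected=$2; resolver=${3:-8.8.8.8}; tries=${4:-30}; i=1
    while [ "$i" -le "$tries" ]; do
        if dig +short -t txt "$name" "@$resolver" | txt_has_value "$expected"; then
            echo "TXT value visible on $resolver (attempt $i)"
            return 0
        fi
        i=$((i + 1))
        sleep 10
    done
    echo "TXT value not visible on $resolver; do not continue yet" >&2
    return 1
}

# Constructed sample of `dig +short` output: a stale value plus the value from
# the certbot prompt above, both published under the same name.
SAMPLE_DIG_OUTPUT='"constructed-stale-value-000000000000000000000"
"2_8KBE_jXH8nYZ2unEViIbW52LhIqxkg6i9mcwsRvhQ"'

# Poll real DNS only when called with arguments:
#   sh check_txt.sh _acme-challenge.91city.com <value-from-certbot>
if [ "$#" -ge 2 ]; then
    wait_for_txt "$@"
fi
```

The exact whole-value match matters because a leftover record from an earlier attempt can sit under the same name and would make a looser check pass.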
$ tree /etc/letsencrypt/archive/91city.com
.
├── cert1.pem
├── chain1.pem
├── fullchain1.pem
└── privkey1.pem
Then verify the certificate information with the following command:
openssl x509 -in /etc/letsencrypt/archive/91city.com/cert1.pem -noout -text
The key output is:
X509v3 Subject Alternative Name:
DNS:*.91city.com
Success: *.91city.com