获取TLS证书

Let’s Encrypt 证书

• 以Debian为例，通过certbot申请证书.

  sudo apt update
  
  sudo apt install snapd
  
  sudo snap install --classic certbot
  
  sudo ln -s /snap/bin/certbot /usr/bin/certbot
  
  sudo certbot certonly --standalone
  # 申请证书
  
  sudo certbot renew --dry-run
  # 测试自动更新证书
  

• 完成了，现在你的证书应该处于:

  /etc/letsencrypt/live/example.com/fullchain.pem
  /etc/letsencrypt/live/example.com/privkey.pem
  

CloudFlare Origin 证书

• 注意,该证书只能被CloudFlare识别为可信,用于CDN与源站之间.
• Dashboard—SSL/TLS—Orgin Server即可生成证书.