Assuming you have the Global API Key for a Cloudflare account, the credentials configuration file looks like the following:
cloudflare.ini
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = cloudflare@example.com
dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234
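The following check is an added example, not code from the original page or from the Certbot project: it audits a credentials file like the one above for loose file permissions and for use of the Global API Key. The function names are hypothetical, `dns_cloudflare_api_token` is the plugin's restricted-token setting, and the sample file is constructed from the placeholder values above.

```python
import configparser
import os
import stat
import tempfile

def audit_credentials(path):
    """Return findings for a certbot dns-cloudflare credentials file."""
    findings = []
    # Any group/other permission bit exposes the secret to other local users.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} is too open; use chmod 600")
    # The file has no [section] header, so prepend one for configparser.
    parser = configparser.ConfigParser(interpolation=None)
    with open(path, encoding="utf-8") as fh:
        parser.read_string("[cf]\n" + fh.read())
    keys = parser["cf"]
    if "dns_cloudflare_api_key" in keys:
        findings.append("Global API Key in use (account-wide access); prefer "
                        "dns_cloudflare_api_token scoped to Zone:DNS:Edit")
        if "dns_cloudflare_email" not in keys:
            findings.append("dns_cloudflare_email must accompany the Global API Key")
    elif "dns_cloudflare_api_token" not in keys:
        findings.append("no Cloudflare API key or token found")
    return findings

def demo():
    # Constructed sample: the page's cloudflare.ini with its placeholder key.
    sample = ("# Cloudflare API credentials used by Certbot\n"
              "dns_cloudflare_email = cloudflare@example.com\n"
              "dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cloudflare.ini")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)   # world-readable, as a default umask would leave it
        before = audit_credentials(path)
        os.chmod(path, 0o600)   # owner-only
        after = audit_credentials(path)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```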
# certbot certonly --manual --preferred-challenges dns -d test.domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for test.domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.test.domain.com.
with the following value:
a1vi7KIPqDvMJtuJRThCD2n1nEnQF2TUc6hqJm-RLLI
Before continuing, verify the TXT record has been deployed. Depending on the DNS provider, this may take some time, from a few seconds to multiple minutes. You can check if it has finished deploying with aid of online tools, such as the Google Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.test.domain.com. Look for one or more bolded line(s) below the line ';ANSWER'. It should show the value(s) you've just added.
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/test.domain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/test.domain.com/privkey.pem
This certificate expires on 2024-08-14.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
  Domain: qq.test.top
  Type: dns
  Detail: DNS problem: looking up TXT for _acme-challenge.qq.test.top: DNSSEC: DNSKEY Missing
  Domain: qq.cesh.top
  Type: dns
  Detail: DNS problem: looking up TXT for _acme-challenge.qq.cesh.top: DNSSEC: DNSKEY Missing
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 30 seconds).
Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
# certbot certonly --debug --manual --preferred-challenges dns -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for a.test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.a.test.com.
with the following value:
kbLf6l1aKTPdLYwQJruY8-ajROrSinBlB1NDoJXHB1g
Before continuing, verify the TXT record has been deployed. Depending on the DNS provider, this may take some time, from a few seconds to multiple minutes. You can check if it has finished deploying with aid of online tools, such as the Google Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.a.test.com. Look for one or more bolded line(s) below the line ';ANSWER'. It should show the value(s) you've just added.
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: a.test.com
  Type: dns
  Detail: DNS problem: SERVFAIL looking up CAA for a.test.com - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.
Key error message: DNS problem: SERVFAIL looking up CAA for a.test.com - the domain's nameservers may be malfunctioning. Testing confirmed that the TXT record had been added successfully.