我可以很容易地请求通配符证书
sudo certbot -d example.com -d * .example.com - 批量--preferred-挑战DNS-01 -Server HTTPS://acme-v02.api.letsencrypt.org/directory certonly
我生成了三个文件:
privkey = /etc/letsencrypt /生活/ example.com/privkey.pem
链= /etc/letsencrypt /生活/ example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem.
任何人都可以建议openssl命令我可以用来将这些.pem文件转换为棱镜中央/棱镜元素所需的所需格式吗?我从https://www.slsupportdesk.com/openssl-commands/尝试了多个命令,但我似乎无法找到确切的命令。
如果需要其他证书,还可以从这里获取中间/根证书。
https://letsencrypt.org/certificates/
我希望最终找到一种方法来脚本这个过程,所以如果有人知道如何通过CLI替换棱镜中央/棱镜元素的证明,我也会很欣赏。但最初,我很高兴找到正确的证书格式。
最佳答案reinder.
\r\nTo answer your question, openssl is not needed to convert the certificates.\r\nWhat is tricky is to get Nutanix to take the chain.pem, after some frustrating tries I got it to work like this:
\r\n
\r\n ncli ssl-certificate import certificate-path=\/full\/path\/to\/cert.pem cacertificate-path=\/full\/path\/to\/mychain.pem key-path=\/full\/path\/to\/privkey.pem key-type=\"RSA_2048\"
\r\n
\r\nWhere mychain.pem I created by combining https:\/\/letsencrypt.org\/certs\/letsencryptauthorityx3.pem.txt with https:\/\/letsencrypt.org\/certs\/isrgrootx1.pem.txt
\r\nSo cat letsencryptauthorityx3.pem.txt isrgrootx1.pem.txt > mychain.pem
\r\n
\r\nHope this helps someone,
\r\n
\r\nReinder - TriOpSys - NL","className":"post__content__best_answer"}">