N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (0 total)
O: More options...
Q: Quit

Please choose from the menu:
Choose 2 to enter the domain name manually.
Running in mode: Interactive, Advanced
Source plugin IIS not available: Run as administrator to allow access to IIS.

Please specify how the list of domain names that will be included in the
certificate should be determined. If you choose for one of the "all bindings"
options, the list will automatically be updated for future renewals to
reflect the bindings at that time.

1: Read bindings from IIS
2: Manual input
3: CSR created by another program
C: Abort
At the Host: prompt, enter the wildcard domain that needs the certificate.
For example: *.bakaxiaofang.moe
Then press Enter.
Host: *.bakaxiaofang.moe
Source generated using plugin Manual: *.bakaxiaofang.moe
Friendly name '[Manual] *.bakaxiaofang.moe'. <Enter> to accept or type desired name:
Choose 1: a separate certificate for each domain (e.g. *.example.com).
By default your source identifiers are covered by a single certificate. But
if you want to avoid the 100 domain limit, want to prevent information
disclosure via the SAN list, and/or reduce the operational impact of a single
validation failure, you may choose to convert one source into multiple
certificates, using different strategies.

1: Separate certificate for each domain (e.g. *.example.com)
2: Separate certificate for each host (e.g. sub.example.com)
3: Separate certificate for each IIS site
4: Single certificate
C: Abort

Would you like to split this source into multiple certificates?:

Source generated using plugin Manual: *.bakaxiaofang.moe
Validation plugin SelfHosting not available: HTTP validation cannot be used for wildcard identifiers (e.g. *.example.com)
Validation plugin FileSystem not available: HTTP validation cannot be used for wildcard identifiers (e.g. *.example.com)

The ACME server will need to verify that you are the owner of the domain
names that you are requesting the certificate for. This happens both during
initial setup *and* for every future renewal. There are two main methods of
doing so: answering specific http requests (http-01) or create specific dns
records (dns-01). For wildcard identifiers the latter is the only option.
Various additional plugins are available from
https://github.com/win-acme/win-acme/.

1: [http] Save verification files on (network) path
2: [http] Serve verification files from memory
3: [http] Upload verification files via FTP(S)
4: [http] Upload verification files via SSH-FTP
5: [http] Upload verification files via WebDav
6: [dns] Create verification records in Cloudflare DNS
7: [dns] Create verification records manually (auto-renew not possible)
8: [dns] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)
9: [dns] Create verification records with your own script
10: [tls-alpn] Answer TLS verification request from win-acme
<Enter>: Abort

How would you like prove ownership for the domain(s)?:
Choose 1 to type or paste the token in the console.
Description: API Token for Cloudflare.

1: Type/paste in console
2: Search in vault

Choose from the menu:
Cloudflare API Token:
Copy and paste your own token.
Finally, enter y to save it to the vault for future reuse.
The name can be anything.
Cloudflare API Token: ****************************************
Save to vault for future reuse? (y/n*)
Please provide a unique name to reference this secret:
I thought it over and chose 1, an ECC key; it feels better than RSA.
After ownership of the domain(s) has been proven, we will create a
Certificate Signing Request (CSR) to obtain the actual certificate. The CSR
determines properties of the certificate like which (type of) key to use. If
you are not sure what to pick here, RSA is the safe default.

When we have the certificate, you can store in one or more ways to make it
accessible to your applications. The Windows Certificate Store is the default
location for IIS (unless you are managing a cluster of them).

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store (Local Computer)
5: No (additional) store steps

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu:

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store (Local Computer)
5: No (additional) store steps

Would you like to store it in another way too?:

Installation plugin IIS not available: Requires CertificateStore or CentralSsl store plugin.

With the certificate saved to the store(s) of your choice, you may choose one
or more steps to update your applications, e.g. to configure the new
thumbprint, or to update bindings.

1: Create or update bindings in IIS
2: Start external script or program
3: No (additional) installation steps

Which installation step should run first?:

Terms of service: C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\LE-SA-v1.3-September-21-2022.pdf
Open in default application? (y/n*)
Do you agree with the terms? (y*/n)
Enter email(s) for notifications about problems and abuse (comma-separated): fangbushimeizhi@gmail.com

Plugin Manual generated source *.bakaxiaofang.moe with 1 identifiers
Plugin Domain created 1 order
[*.bakaxiaofang.moe] Authorizing...
[*.bakaxiaofang.moe] Authorizing using dns-01 validation (Cloudflare)
[*.bakaxiaofang.moe] Record
[*.bakaxiaofang.moe] Preliminary validation succeeded
[*.bakaxiaofang.moe] Authorization result: valid
[*.bakaxiaofang.moe] Record
Downloading certificate [Manual] *.bakaxiaofang.moe [bakaxiaofang.moe]
Store with PemFiles...
Exporting .pem files to E:\Server\Website\SSL\bakaxiaofang
Error getting renewal information from server
Adding Task Scheduler entry with the following settings
- Name win-acme renew (acme-v02.api.letsencrypt.org)
- Path E:\Server\Website\SSL\win-acme.v2.2.7.1612.x64.pluggable
- Command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"
- Start at 09:00:00
- Random delay 04:00:00
- Time limit 02:00:00

Do you want to specify the user the task will run as? (y/n*) - yes
Enter the username (Domain\username): FangB
Enter the user's password: *****

Adding renewal for [Manual] *.bakaxiaofang.moe
Next renewal due after 2024/3/29
Certificate [Manual] *.bakaxiaofang.moe created