免费域名

可以去https://my.freenom.com/申请一个

certbot

sudo apt install certbot

创建/更新证书

certbot certonly --preferred-challenges dns --manual -d *.yourdomain --server https://acme-v02.api.letsencrypt.org/directory

一系列同意操作后，然后需要给自己的域名加一个TXT的解析：

Please deploy a DNS TXT record under the name
_acme-challenge.yourdomain.tk with the following value:

T50ZhbFPyBXNFPf2PpeVNOsEIk1G6gW9Wn4npXXXXXX

Before continuing, verify the record is deployed.

成功后显示如下：

- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yourdomain.tk/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yourdomain.tk/privkey.pem
   Your cert will expire on 2021-06-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le