1.安装 certbot

yum install epel-release
yum install certbot

2.签发 跟着 #根据命令提示设置dns txt解析

certbot certonly --preferred-challenges dns --manual -d *.youdomain.com --server https://acme-v02.api.letsencrypt.org/directory

3.签发完成，加粗部分可以找到证书文件，手动进行配置

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/youdomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/youdomain.com/privkey.pem
   Your certificate will expire on 2023-06-06. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

4.修改网页服务器配置文件，以nginx为例

ssl_certificate /etc/letsencrypt/live/youdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/youdomain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;

实际效果可以以本站为例。