安装certbot

sudo apt install certbot

申请证书

certbot certonly --manual -d "*.itvro.com" --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

其中--manual是表示手动方式验证，--perferred-challenges dns 则表示通过添加dns记录方式来验证域名所属真实，-d后用双引号圈出的部分则是泛域名。
申请成功后，证书保存在/etc/letsencrypt/live目录中

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/itvro.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/itvro.com/privkey.pem
   Your cert will expire on 2021-09-13. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 - We were unable to subscribe you the EFF mailing list because your
   e-mail address appears to be invalid. You can try again later by
   visiting https://act.eff.org.

后续只用在90天内用certbot renew 命令即可更新ssl证书。

certbot renew

增加域名

certbot --expand -d a.itvro.com