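Issuing a website certificate yourself
Reference: https://github.com/acmesh-official/acme.sh/wiki/说明
Run the following on the web server that the certificate will be deployed to: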
curl https://get.acme.sh | sh -s email=my@example.com
cd /root/.acme.sh/
bash acme.sh --issue -d mydomain.com -d www.mydomain.com --webroot /home/wwwroot/mydomain.com/
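The first -d is the primary domain.
The second -d is a subdomain that is resolved in the domain's DNS console.
--webroot /home/wwwroot/mydomain.com/ is the path of the site's web root directory.
The issued certificate files: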
[root@idn-test-game .acme.sh]# ll test.test.com/
total 36
-rw-r--r-- 1 root root 4399 Jan 20 15:33 ca.cer
-rw-r--r-- 1 root root 6700 Jan 20 15:33 fullchain.cer
-rw-r--r-- 1 root root 2301 Jan 20 15:33 test.test.com.cer
-rw-r--r-- 1 root root 597 Jan 20 15:33 test.test.com.conf
-rw-r--r-- 1 root root 972 Jan 20 15:32 test.test.com.csr
-rw-r--r-- 1 root root 154 Jan 20 15:32 test.test.com.csr.conf
-rw-r--r-- 1 root root 1679 Jan 20 15:32 test.test.com.key
Deploy these two files, the public key and the private key, to NGINX:
test.test.com.cer
test.test.com.key
cat nginx.conf
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
worker_rlimit_nofile 65535;
events {
    worker_connections 65535;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_min_length 512;
    gzip_buffers 16 64k;
    gzip_types application/json application/octet-stream application/x-www-form-urlencoded;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    #include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        listen 443 ssl;
        server_name test.rdvalidasi.com;
        ssl_certificate /etc/nginx/ssl/test.test.com.cer;
        ssl_certificate_key /etc/nginx/ssl/test.test.com.key;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        location / {
            root /usr/local/gitlab-runner/game/;
            charset utf-8;
            default_type text/plain;
        }
    }
}
nginx -s reload
After the reload, the site can be reached over HTTPS as a trusted site.
Once this is done, the crontab contains an automatic check:
58 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
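This entry is added automatically when the install script runs.
Normally the certificate is renewed automatically every 60 days.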
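The cron job renews the files under /root/.acme.sh, while nginx loads the copies in /etc/nginx/ssl, so checking the deployed pair before each reload catches a stale, mismatched or over-exposed copy. The script below is an added example, not part of the original post or of acme.sh; the function names and the 20-day threshold are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): checks on the certificate/key
# pair that nginx loads, to run before "nginx -s reload".

# count_certs FILE -> prints how many PEM certificates FILE contains.
# A leaf-only file such as test.test.com.cer gives 1; fullchain.cer gives 2+.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# cert_matches_key CERT KEY -> 0 when both carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS -> 0 when CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# key_is_private KEY -> 0 when group and others have no permission bits on KEY.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_deploy CERT KEY [MIN_DAYS] -> prints findings, returns their count.
# MIN_DAYS defaults to 20 (assumed threshold, adjust to your renewal policy).
check_deploy() {
    findings=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; findings=$((findings + 1)); }
    cert_valid_for "$1" "${3:-20}" || { echo "FAIL: expires within ${3:-20} days (stale copy?)"; findings=$((findings + 1)); }
    key_is_private "$2" || { echo "WARN: $2 is accessible to group/others"; findings=$((findings + 1)); }
    [ "$(count_certs "$1")" -ge 2 ] || { echo "WARN: $1 carries no intermediate certificates"; findings=$((findings + 1)); }
    return "$findings"
}

# Runs only when paths are given, e.g. (script name is hypothetical):
#   sh check_deploy.sh /etc/nginx/ssl/test.test.com.cer /etc/nginx/ssl/test.test.com.key && nginx -s reload
if [ "$#" -ge 2 ]; then check_deploy "$@"; fi
```

With the files from the listing above, a copy of fullchain.cer passes the intermediate-certificate check and a copy of test.test.com.cer alone does not; the -rw-r--r-- mode shown for test.test.com.key trips the key permission warning.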
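Only by tinkering hard do you get better results!!!!
If anything here is wrong, please do not hesitate to correct me. Thank you!
Please credit the source when reposting!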