Generating SSL certificates with acme.sh


1. Install acme.sh

$ curl https://get.acme.sh | sh -s email=my@example.com

2. Preparation

2.1 Request EAB credentials for ACME clients:
https://app.zerossl.com/developer

EAB KID
Axxxxz

EAB HMAC Key
Axxxxxxz

2.2 Request an API key (API Key Management, Environment: Production):
https://developer.godaddy.com/keys

Key
Axxxxz
Secret
Axxxxxxz

3. Request the certificate

3.1 Register a ZeroSSL account with acme.sh

$ acme.sh --register-account --server zerossl --eab-kid Axxxxz --eab-hmac-key Axxxxxxz

3.2 Set ZeroSSL as the default CA

$ acme.sh --set-default-ca --server zerossl

3.3 Import the GoDaddy API key

$ export GD_Key="Axxxxz"
$ export GD_Secret="Axxxxxxz"

3.4 Request a certificate for your domain (example.com here)

$ acme.sh --issue --dns dns_gd -d example.com

4. Configure the reverse proxy

4.1 Install nginx

$ apt-get install nginx

4.2 Copy the certificate generated by acme.sh into the nginx directory

$ cp /root/.acme.sh/example.com/example.com.cer /etc/nginx/ssl/example.com.cer
$ cp /root/.acme.sh/example.com/example.com.key /etc/nginx/ssl/example.com.key
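The steps in sections 3 and 4.2 work once, but a plain cp is not repeated when acme.sh renews the certificate (by default every 60 days), so nginx keeps serving the old file until someone copies it again. The script below is an added example, not part of the original post: it issues the certificate the same way as section 3.4 and then uses acme.sh's own --install-cert, which records the target paths and a reload command and re-runs them after every renewal. It also asks for the full chain (leaf plus the ZeroSSL intermediate) rather than the bare example.com.cer, since a leaf-only file makes some clients fail chain validation. It assumes acme.sh is installed for the current user and that GD_Key/GD_Secret are exported as in section 3.3; the variable names ACME, NGINX_SSL_DIR, DOMAIN and DRY_RUN are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): issue a certificate with acme.sh
# and hand it to nginx with --install-cert so renewals are re-deployed automatically.
# Assumes acme.sh is installed for this user and GD_Key/GD_Secret are exported.
set -eu

ACME="${ACME:-${HOME:-/root}/.acme.sh/acme.sh}"   # path to the acme.sh client
NGINX_SSL_DIR="${NGINX_SSL_DIR:-/etc/nginx/ssl}"  # where nginx reads the cert and key

# run: execute a command, or just print it when DRY_RUN=1 (useful for review and testing).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Same as section 3.4: DNS-01 validation through the GoDaddy API.
issue_cert() {
  run "$ACME" --issue --dns dns_gd -d "$1"
}

# Replace the cp in section 4.2. --fullchain-file writes leaf + intermediate;
# --reloadcmd is stored by acme.sh and executed after every successful renewal.
install_cert() {
  run "$ACME" --install-cert -d "$1" \
    --key-file "$NGINX_SSL_DIR/$1.key" \
    --fullchain-file "$NGINX_SSL_DIR/$1.cer" \
    --reloadcmd "systemctl reload nginx"
}

# Count the certificates in a PEM file; a full chain contains at least two.
# Prints 0 for a missing file.
pem_cert_count() {
  [ -f "$1" ] || { echo 0; return 0; }
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Full procedure for one domain. Sections 3.1 (account registration with the
# EAB values) is assumed to have been done already.
deploy() {
  domain="$1"
  run "$ACME" --set-default-ca --server zerossl
  run mkdir -p "$NGINX_SSL_DIR"
  issue_cert "$domain"
  install_cert "$domain"
  n=$(pem_cert_count "$NGINX_SSL_DIR/$domain.cer")
  if [ "$n" -lt 2 ]; then
    echo "warning: $NGINX_SSL_DIR/$domain.cer holds $n certificate(s); expected the full chain" >&2
    return 1
  fi
}

# Usage: DOMAIN=example.com sh deploy.sh deploy   (add DRY_RUN=1 to only print the commands)
if [ "${1:-}" = "deploy" ]; then
  deploy "${DOMAIN:-example.com}"
fi
```

After the first run, `acme.sh --list` shows the domain and `~/.acme.sh/example.com/example.com.conf` records the install paths and reload command, so the cron job acme.sh created at install time handles later renewals end to end.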

4.3 Create the web.conf configuration file
Rename web.conf to "<domain>.conf" (e.g. example.com.conf) and upload it to the /etc/nginx/conf.d directory.

server {
    listen 80;
    #listen [::]:80;
    server_name example.com;   # change to your own domain
    rewrite ^/(.*) https://$server_name/$1 permanent;
}

server {
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name example.com;   # change to your own domain
    # "ssl on;" is not needed: the ssl flag on listen enables TLS, and nginx 1.25.1+ rejects the directive
    ssl_certificate /etc/nginx/ssl/example.com.cer;       # change to the path of your certificate
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # change to the path of your certificate key
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless a legacy client still requires them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;

    # openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    # ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_set_header Host example.com;    # the hostname the backend expects (or $host to pass the client's)
        proxy_pass http://192.168.8.180:80;   # change to the target site's IP and port
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://192.168.8.180:80;   # change to the target site's IP and port
    }
}
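The server block above works, but it still carries "ssl on;" (removed in nginx 1.25.1), TLS 1.0 and 1.1 (deprecated by RFC 8996) and 3DES in the cipher list. The script below is an added example and not part of the original post: nginx_site_conf renders a hardened version of the same site file from a domain and backend address, and weak_tls_findings counts those weak settings in any existing config so you can check a file before reloading nginx. The certificate paths follow section 4.2; the cipher list is the Mozilla "intermediate" set; DOMAIN and BACKEND are this example's own variable names and the backend address is the page's placeholder.

```shell
#!/bin/sh
# Added example (not part of the original post): render a hardened nginx site
# file for the reverse proxy in section 4.3 and flag weak TLS settings in a config.
set -eu

# Print a server block for $1 (domain) that terminates TLS and proxies to $2 (backend URL).
# Changes from the page's config: no "ssl on;", TLS 1.2/1.3 only, AEAD ciphers only,
# headers sent on error responses too ("always"), and X-Forwarded-Proto for the backend.
nginx_site_conf() {
  domain="$1"; backend="$2"
  cat <<EOF
server {
    listen 80;
    server_name $domain;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $domain;

    ssl_certificate     /etc/nginx/ssl/$domain.cer;   # full chain, see section 4.2
    ssl_certificate_key /etc/nginx/ssl/$domain.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    location / {
        proxy_pass $backend;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# Count weak TLS settings in an nginx config file ($1); prints 0 when none are found.
# Checked: the removed "ssl on" directive, TLS 1.0 and TLS 1.1 in ssl_protocols,
# and 3DES in ssl_ciphers.
weak_tls_findings() {
  n=0
  for pat in '^[[:space:]]*ssl on;' 'ssl_protocols.*TLSv1[ ;]' 'ssl_protocols.*TLSv1\.1' 'ssl_ciphers.*3DES'; do
    if grep -Eq -- "$pat" "$1"; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Usage: DOMAIN=example.com BACKEND=http://192.168.8.180:80 sh site.sh render > /etc/nginx/conf.d/example.com.conf
#        then: nginx -t && systemctl reload nginx
if [ "${1:-}" = "render" ]; then
  nginx_site_conf "${DOMAIN:-example.com}" "${BACKEND:-http://192.168.8.180:80}"
fi
```

The rendered file keeps the page's structure (HTTP-to-HTTPS redirect, TLS termination, proxy headers) and only tightens the TLS parameters; the websocket locations for /notifications/hub are site-specific and can be appended as in the original config. Run `nginx -t` before reloading, since a typo in ssl_ciphers is only reported at config test time.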
Posted by 柠萌不甜