网站颁发免费ssl证书,https

https://github.com/acmesh-official/acme.sh
我使用的是nginx, 主要使用的命令:


curl https://get.acme.sh | sh -s email=my@example.com
source ~/.barshrc
# 使用该命令需要先配置带有域名的nginx 配置文件
acme.sh --issue -d mydomain.com --nginx

nginx 配置文件:

server {
                listen 80 ;
                listen [::]:80 ;
                server_name mydomain.com;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                location / {
                 proxy_pass http://localhost:8018;


       }

}

执行命令acme.sh --issue -d mydomain.com --nginx 后手动添加ssl 相关配置

server {
                listen 80 ;
                listen [::]:80 ;
                server_name mydomain.com;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                location / {
                 proxy_pass http://localhost:8018;


       }

}
server {
  #监听443端口
    listen 443 ;
    #你的域名
    server_name mydomain.com;
    ssl on;
    #ssl证书的pem文件路径
    ssl_certificate  /root/.acme.sh/mydomaincom_ecc/mydomain.com.cer;
    #ssl证书的key文件路径
    ssl_certificate_key /root/.acme.sh/mydomain.com/mydomain.com.key;

     proxy_set_header X-Forwarded-Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-NginX-Proxy true;
    client_max_body_size 100m;

        location / {
          proxy_pass http://localhost:8018;

}

}

过程中遇到一个报错

看日志是服务器返回的结果是invalid
执行命令中加个--server letsencrypt, 搞定

自动更新证书==永久免费

posted @ 2024-02-27 16:40  那时一个人  阅读(19)  评论(0编辑  收藏  举报