网站颁发免费ssl证书,https
https://github.com/acmesh-official/acme.sh
我使用的是nginx, 主要使用的命令:
curl https://get.acme.sh | sh -s email=my@example.com
source ~/.barshrc
# 使用该命令需要先配置带有域名的nginx 配置文件
acme.sh --issue -d mydomain.com --nginx
nginx 配置文件:
server {
listen 80 ;
listen [::]:80 ;
server_name mydomain.com;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
location / {
proxy_pass http://localhost:8018;
}
}
执行命令acme.sh --issue -d mydomain.com --nginx
后手动添加ssl 相关配置
server {
listen 80 ;
listen [::]:80 ;
server_name mydomain.com;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
location / {
proxy_pass http://localhost:8018;
}
}
server {
#监听443端口
listen 443 ;
#你的域名
server_name mydomain.com;
ssl on;
#ssl证书的pem文件路径
ssl_certificate /root/.acme.sh/mydomaincom_ecc/mydomain.com.cer;
#ssl证书的key文件路径
ssl_certificate_key /root/.acme.sh/mydomain.com/mydomain.com.key;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
client_max_body_size 100m;
location / {
proxy_pass http://localhost:8018;
}
}
过程中遇到一个报错
看日志是服务器返回的结果是invalid
执行命令中加个--server letsencrypt
, 搞定
自动更新证书==永久免费
本文来自博客园,作者:那时一个人,转载请注明原文链接:https://www.cnblogs.com/qianxunman/p/18037209