使用acme.sh安装ssl证书
注意:acme.sh 默认从之前的Let's Encrypt已更换为 ZeroSSL
cd /root #进入root用户根目录
安装很简单, 一个命令:
curl https://get.acme.sh | sh -s email=my@example.com
设置DNSPOD的接口变量ID和token
export DP_Id="1234" export DP_Key="sADDsdasdgdsf"
cd /root/.acme.sh acme.sh --issue --dns dns_dp -d aa.com -d www.aa.com
将生成的证书文件xxx.com.key和 fullchain.cer 拷贝到/etc/nginx/ssl/目录下或者你喜欢的目录下。
修改nginx配置文件:
server { #listen 80 default; listen 443 ssl default_server; server_name www.xxx.com; client_max_body_size 30M; if ($host ~ "\d+\.\d+\.\d+\.\d") { return 404; } location /robots.txt { return 200 "User-agent: * Disallow:"; } location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; real_ip_header CF-Connecting-IP; #client_max_body_size 50m; } ssl_certificate /etc/nginx/ssl/fullchain.cer; ssl_certificate_key /etc/nginx/ssl/www.xxx.com.key; }
acme.sh --uninstall #卸载命令
The keys and certs are in "/root/.acme.sh", you can remove them by yourself.
密钥和证书在“/root/.acme.sh”中,您可以自行删除它们。
rm -rf /root/.acme.sh #卸载后删除acme.sh脚本目录
本文参考 https://www.rsyncd.net/886.html