ssl

curl https://get.acme.sh | sh


alias acme.sh=~/.acme.sh/acme.sh

acme.sh --register-account -m ****@qq.com acme.sh --issue -d ****.com --webroot /var/www/html/ # 将证书安装到指定位置
acme.sh --installcert -d ****.com --key-file /etc/ssl/certs/****.com/key.pem --fullchain-file /etc/ssl/certs/****.com/cert.pem
# nginx 配置证书
ssl_certificate /etc/ssl/certs/****.com/cert.pem;
ssl_certificate_key /etc/ssl/certs/****.com/key.pem;
listen 443;
ssl on;
server_name ****.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/****.com;

ssl_certificate /etc/ssl/certs/****.com/cert.pem;

ssl_certificate_key /etc/ssl/certs/****.com/key.pem;

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;