域名免费颁发证书(http-https)
大佬网址 https://v2xtls.org/
证书自动更新
- Let’s Encrypt证书的有效期是三个月,超过期限则需要续签。证书续期可以手动完成,例如:
systemctl stop nginx certbot renew systemctl restart nginx
- 也可以配置crontab任务自动续签,在/etc/crontab文件末添加一行:
0 0 1 */2 0 root systemctl stop nginx; /usr/local/bin/certbot renew; systemctl restart nginx
- pip3默认安装的certbot路径是/usr/local/bin/certbot,可使用 which certbot 查看,如果输出不同,请记得替换。该配置将每两个月自动运行certbot并续签证书。如果你的证书快到期了还没有续签,贴心的EFF(电子前哨基金会)会发邮件提醒,记得到期前续签就行。
问题
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:101
- 解决就是缺少http_ssl_module模块,找到之前的 nginx的下载包重新指定一下参数,然后将 objs/nginx 拷贝到 sbin/x下。
https://blog.csdn.net/guo_qiangqiang/article/details/95622649
配置文件
user root;
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen 443 ssl;
server_name 域名;
charset utf-8;
#charset koi8-r;
ssl_certificate 生成的证书位置;
ssl_certificate_key 生成的证书位置;
ssl_protocols TLSv1.2 TLSv1.3; # TLSv1.3需要nginx 1.13.0以上版本
# 如果nginx版本低,建议使用这种加密算法配置
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
keepalive_timeout 70;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}