域名免费颁发证书(http-https)

  1. Let’s Encrypt https://v2xtls.org/使用lets-encrypt获取免费证书/
  2. acme.sh https://v2xtls.org/使用acme-sh签发证书/

大佬网址 https://v2xtls.org/

证书自动更新

  • Let’s Encrypt证书的有效期是三个月,超过期限则需要续签。证书续期可以手动完成,例如:
    systemctl stop nginx
    certbot renew
    systemctl restart nginx
    
  • 也可以配置crontab任务自动续签,在/etc/crontab文件末添加一行:
    0 0 1 */2 0 root systemctl stop nginx; /usr/local/bin/certbot renew; systemctl restart nginx
    
  • pip3默认安装的certbot路径是/usr/local/bin/certbot,可使用 which certbot 查看,如果输出不同,请记得替换。该配置将每两个月自动运行certbot并续签证书。如果你的证书快到期了还没有续签,贴心的EFF(电子前哨基金会)会发邮件提醒,记得到期前续签就行。

问题

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:101

配置文件

user  root;
worker_processes  1;


events {
    worker_connections  1024;
}

http {
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        listen       443 ssl;
        server_name  域名;
        charset utf-8;
        #charset koi8-r;

        ssl_certificate 生成的证书位置;
        ssl_certificate_key 生成的证书位置;
        ssl_protocols TLSv1.2 TLSv1.3; # TLSv1.3需要nginx 1.13.0以上版本
        # 如果nginx版本低,建议使用这种加密算法配置
        # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets off;
        keepalive_timeout 70;
 
        #access_log  logs/host.access.log  main;
        location / {
           root   html;
           index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
posted @ 2022-08-30 22:27  MikiKawai  阅读(121)  评论(0编辑  收藏  举报