Jack Posted May 26 Share Posted May 26 (edited) ---------------------------- acme.sh 自動續簽SSL憑證 ---------------------------- mkdir -p /var/www/域名.com/well-known mkdir -p /var/www/域名.com/well-known/acme-challenge cd /var/www/域名.com/ mv well-known .well-known 產生dhparam mkdir -p /etc/nginx/ssl openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam 2048 ------------------------------------- acme.sh 預設安裝在/root/ 目錄 ------------------------------------- curl https://get.acme.sh | sh -s email=你的email 重新加載 source ~/.bashrc 自動更新 acme.sh --upgrade --auto-upgrade SSL憑證切換為使用Let's Encrypt acme.sh --set-default-ca --server letsencrypt 修改 域名.com.conf vi /etc/nginx/sites-available/域名.com.conf 前面的步驟有寫了幾行,現在都刪掉,更換為 server { listen 80; listen [::]:80; root /var/www/域名.com; index index.html index.htm index.php; server_name 域名.com; location /.well-known/acme-challenge { root /var/www/letsencrypt; } location / { rewrite ^/(.*)$ https://$host/$1 permanent; } } ESC儲存並離開 :wq 重新加载Nginx nginx -t nginx -s reload mkdir -p /var/www/letsencrypt 使用HTTP驗證簽發憑證 acme.sh --issue -d 域名.com -w /var/www/letsencrypt/ 如果要申請多個域名,則是執行 acme.sh --issue -d 域名.com -d www.域名.com -w /var/www/letsencrypt 等待執行完,直到出現 Cert success Your cert is in: /root/.acme.sh/域名.com_ecc/域名.com.cer Your cert key is in: /root/.acme.sh/域名.com_ecc/域名.com.key The intermediate CA cert is in: /root/.acme.sh/域名.com_ecc/ca.cer And the full chain certs is there: /root/.acme.sh/域名.com_ecc/fullchain.cer 從上面得知,這是ECC憑證 安裝ECC憑證 acme.sh --install-cert --ecc -d 域名.com \ 接著,依次敲入 --key-file /etc/nginx/ssl/域名.com.key \ --fullchain-file /etc/nginx/ssl/fullchain.cer \ --reloadcmd "systemctl restart nginx" 成功的話,將顯示 Run reload cmd: systemctl restart nginx 成功的話,將顯示 Reload success Edited May 27 by Jack Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now