
Install acme.sh to automatically renew SSL certificates


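---------------------------------------------------------
Install acme.sh to automatically renew SSL certificates
---------------------------------------------------------

In the commands below, 域名.com is a placeholder for your own domain and 你的email is a placeholder for your e-mail address.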

mkdir -p /var/www/域名.com/well-known

mkdir -p /var/www/域名.com/well-known/acme-challenge

cd /var/www/域名.com/


mv well-known .well-known



Generate dhparam
mkdir -p /etc/nginx/ssl

openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam 2048



-------------------------------------
acme.sh is installed under the /root/ directory by default
-------------------------------------

curl https://get.acme.sh | sh -s email=你的email



Reload the shell configuration
source ~/.bashrc


Enable automatic upgrades
acme.sh --upgrade --auto-upgrade


Switch to Let's Encrypt as the default CA
acme.sh --set-default-ca --server letsencrypt




Edit 域名.com.conf
vi /etc/nginx/sites-available/域名.com.conf


A few lines were written in the earlier steps; delete them all now and replace them with:


server {
	listen 80;
	listen [::]:80;
	root /var/www/域名.com;
	index index.html index.htm index.php;
	server_name 域名.com;

	location /.well-known/acme-challenge {
		root /var/www/letsencrypt;
	}

	location / {
		rewrite	^/(.*)$ https://$host/$1 permanent;
	}
}







Press ESC, then save and quit
:wq

 

Test the configuration and reload Nginx
nginx -t


nginx -s reload



mkdir -p /var/www/letsencrypt




Issue the certificate using HTTP validation

To request a certificate covering multiple domains, run

acme.sh --issue -d 域名.com -d www.域名.com -w /var/www/letsencrypt








Wait for it to finish, until Cert success appears

Your cert is in: /root/.acme.sh/域名.com_ecc/域名.com.cer
Your cert key is in: /root/.acme.sh/域名.com_ecc/域名.com.key
The intermediate CA cert is in: /root/.acme.sh/域名.com_ecc/ca.cer
And the full chain certs is there: /root/.acme.sh/域名.com_ecc/fullchain.cer


From the output above, we can see that this is an ECC certificate


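Install the ECC certificate (type the lines in order; each trailing backslash continues the command onto the next line)

acme.sh --install-cert --ecc -d 域名.com \
  --key-file /etc/nginx/ssl/域名.com.key \
  --fullchain-file /etc/nginx/ssl/fullchain.cer \
  --reloadcmd "systemctl restart nginx"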



On success, it will display Run reload cmd: systemctl restart nginx

On success, it will display Reload success

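Added example (not part of the original post and not acme.sh's own code): a check to run after the --install-cert step above, confirming that the installed key is not readable by group or other, that it matches the leaf certificate in fullchain.cer, and that the certificate is not close to expiry. The function names check_installed_cert and make_sample and the 30-day threshold are assumptions made for illustration; the sample key and certificate are constructed throwaway files.

```shell
# Post-install checks for the files written by `acme.sh --install-cert`.
# Prints "ok" and returns 0 when the key is private, matches the leaf
# certificate, and the certificate stays valid for min_days more days;
# otherwise prints the reason and returns 1.
check_installed_cert() {
    key=$1 chain=$2 min_days=${3:-30}   # 30 days is an assumed threshold
    [ -r "$key" ] && [ -r "$chain" ] || { echo "missing file"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key open to group/other"; return 1; }
    # openssl x509 reads the first certificate in fullchain.cer (the leaf).
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch"; return 1; }
    openssl x509 -in "$chain" -noout -checkend $((min_days * 86400)) \
        >/dev/null || { echo "expires within $min_days days"; return 1; }
    echo "ok"
}

# Constructed sample input: a throwaway P-256 key and a self-signed
# certificate valid for $2 days, written into directory $1.
make_sample() {
    openssl ecparam -genkey -name prime256v1 -noout \
        -out "$1/sample.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/sample.key" -subj "/CN=example.test" \
        -days "$2" -out "$1/fullchain.cer" 2>/dev/null &&
    chmod 600 "$1/sample.key"
}

# Demo on the constructed sample. On the real host, call instead:
#   check_installed_cert /etc/nginx/ssl/域名.com.key /etc/nginx/ssl/fullchain.cer
tmp=$(mktemp -d) && make_sample "$tmp" 90 &&
    check_installed_cert "$tmp/sample.key" "$tmp/fullchain.cer"
rm -rf "$tmp"
```

A non-zero return from this check after a renewal is a signal to inspect the files before relying on the reload.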