acme.sh申请ssl免费证书

时间:2024-03-11 07:56:06

参考
https://blog.csdn.net/fyhju1/article/details/120452141

获取域名服务商AccessKey ID及AccessKey Secret

https://help.aliyun.com/zh/ram/user-guide/create-an-accesskey-pair

安装ACME

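# Save the installer to a file instead of piping it straight into sh: the
# script runs with the installing user's privileges (root in this walkthrough),
# so it should be readable before it executes, and a truncated download must
# not be executed half-way.
# NOTE(review): the downloaded script may itself fetch further code; the
# project also documents a git-based install
# (git clone https://github.com/acmesh-official/acme.sh.git, then
# ./acme.sh --install), which allows pinning to a reviewed commit.
curl -fsSL https://get.acme.sh -o acme-install.sh
less acme-install.sh
sh acme-install.sh
# Reload the shell profile so the acme.sh command set up by the installer
# is available in the current session.
source ~/.bashrc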

如果使用root用户进行安装,会生成文件夹.acme.sh
文件夹地址:/root/.acme.sh

设置阿里云APPID 和阿里云APPKEY

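# The AccessKey ID and AccessKey Secret are the pair created in Alibaba Cloud RAM.
# Use a dedicated RAM user whose policy covers only DNS record management,
# not the main account key: acme.sh saves both values in
# ~/.acme.sh/account.conf for later renewals, so anyone who can read that
# file (or this shell's history) can use them.
# Replace the placeholders with your own values. Never publish a real key
# pair; rotate any key that has appeared in a post, repository or chat log.
export Ali_Key="<your-AccessKey-ID>"
export Ali_Secret="<your-AccessKey-Secret>"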

注册ZeroSSL账号

https://app.zerossl.com/signup

# Once the ZeroSSL account exists, register it with acme.sh.
# test@abc.com is a sample address: substitute your own mailbox.
acme.sh --register-account \
  --server zerossl \
  -m test@abc.com

申请证书(通配符)

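# Issue one certificate covering the apex domain and its direct subdomains,
# validated through the Alibaba Cloud DNS API (the dns_ali hook uses the
# Ali_Key / Ali_Secret values exported earlier).
# The wildcard name is quoted so the shell hands it to acme.sh literally
# instead of expanding it against file names in the current directory.
acme.sh --issue --dns dns_ali -d abc.com -d '*.abc.com'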

证书文件如下:

root@xdz:~/.acme.sh# ll wuxingge.online_ecc/
total 40
-rw-r--r-- 1 root root 2668 Mar  5 11:09 ca.cer
-rw-r--r-- 1 root root 4144 Mar  5 11:09 fullchain.cer
-rw-r--r-- 1 root root 1476 Mar  5 11:09 wuxingge.online.cer
-rw-r--r-- 1 root root  575 Mar  5 11:09 wuxingge.online.conf
-rw-r--r-- 1 root root  493 Mar  5 11:04 wuxingge.online.csr
-rw-r--r-- 1 root root  210 Mar  5 11:04 wuxingge.online.csr.conf
-rw------- 1 root root  227 Mar  5 11:04 wuxingge.online.key

nginx配置https证书

vim www.wuxingge.online.conf

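# HTTPS virtual host serving static files for the www and apex names.
server {
    listen   443 ssl;
    server_name  www.wuxingge.online wuxingge.online;
    # Certificate chain and private key issued by acme.sh, resolved relative
    # to the nginx configuration directory. Deploy them with
    # `acme.sh --install-cert` (--fullchain-file / --key-file / --reloadcmd)
    # rather than copying by hand, so each renewal actually reaches nginx.
    # Keep the key file readable by root only, as in the acme.sh directory.
    ssl_certificate  ssl/fullchain.cer;
    ssl_certificate_key ssl/wuxingge.online.key;
    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and were enabled in
    # the original listing; offer only TLS 1.2 and 1.3.
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list governs TLS 1.2 suites; TLS 1.3 suites are chosen by OpenSSL.
    # NOTE(review): the certificate directory is named *_ecc, so the key is
    # presumably ECDSA; the leading ECDHE-RSA suite would then never match and
    # negotiation falls through to the HIGH group - confirm with a TLS scan.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    # Shared session cache so resumed handshakes skip the full key exchange.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        root   /html;
        index  index.html index.htm;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /html;
    }
}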
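# Plain-HTTP listener: its only job is to send clients to the HTTPS site.
server {
    listen      80;
    server_name  www.wuxingge.online wuxingge.online;
    # Permanent redirect to HTTPS on the first server_name. `return` needs no
    # regex evaluation and forwards the path and query string exactly as the
    # client sent them.
    return 301 https://$server_name$request_uri;
}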

vim blog.wuxingge.online.conf

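# HTTPS virtual host that terminates TLS and proxies to a local backend.
server {
    listen    443 ssl;
    server_name  blog.wuxingge.online;
    # Same wildcard certificate and key as the main site; deploy via
    # `acme.sh --install-cert` so renewals are copied and nginx is reloaded.
    ssl_certificate  ssl/fullchain.cer;
    ssl_certificate_key ssl/wuxingge.online.key;
    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and were enabled in
    # the original listing; offer only TLS 1.2 and 1.3.
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Governs TLS 1.2 suites; TLS 1.3 suites are chosen by OpenSSL.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        # Traffic to the backend is plain HTTP over loopback.
        # NOTE(review): no proxy_set_header directives are set, so the backend
        # sees Host "127.0.0.1:8081" and the proxy as the client address. If
        # the application logs client IPs or builds absolute URLs, pass Host,
        # X-Forwarded-For and X-Forwarded-Proto - confirm against the app.
        proxy_pass http://127.0.0.1:8081;
    }
}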
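# Plain-HTTP listener: its only job is to send clients to the HTTPS site.
server {
    listen      80;
    server_name  blog.wuxingge.online;
    # Permanent redirect to HTTPS. `return` needs no regex evaluation and
    # forwards the path and query string exactly as the client sent them.
    return 301 https://$server_name$request_uri;
}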