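HTTPS Certificate Application and Installation

Last updated: September 16, 2024, afternoon

Requesting a certificate with acme.sh

Preparation

1. Point the domain's DNS record at the VPS

2. Install nginx on the VPS, and note where nginx's default website folder is; it is needed in the steps below

Installing acme.sh

See https://wsgzao.github.io/post/acme/ for details. I used the following approach: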

acme.sh  --issue  -d mydomain.com -d www.mydomain.com  --webroot  /home/wwwroot/mydomain.com/

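Replace mydomain.com with your own domain, and replace /home/wwwroot/mydomain.com/ with nginx's default website folder.

Requesting a certificate for a second-level domain (subdomain): hassle-free and works well; make sure port 80 is not in use before running it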

acme.sh  --issue -d mydomain.com   --standalone

Installing the certificate on the website (did not succeed)

Installing a certificate with certbot

Configure server_name in nginx.conf

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        if ($host = ilovemaths.tk) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80 default_server;
        listen [::]:80 default_server;
        server_name ilovemaths.tk;
        root /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }

    }

    # Settings for a TLS enabled server.

    server {
        listen 444 ssl http2 default_server;
        listen [::]:444 ssl http2 default_server;
        server_name ilovemaths.tk;
        root /usr/share/nginx/html;
        ssl_certificate /etc/letsencrypt/live/ilovemaths.tk/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ilovemaths.tk/privkey.pem; # managed by Certbot
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }

    }

}
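
An added example, not part of the original post: a small Python check run over a trimmed copy of the two server blocks above. It reports that the Certbot-managed redirect sends clients to https://$host (port 443) while the TLS listener is on 444, and that ssl_protocols is left to the nginx version's default. The function names and finding codes are assumptions of this example.

```python
import re

# Constructed sample: the page's two server blocks, trimmed to the directives read here.
SAMPLE_CONF = """
server {
    if ($host = ilovemaths.tk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    server_name ilovemaths.tk;
}
server {
    listen 444 ssl http2 default_server;
    server_name ilovemaths.tk;
    ssl_certificate /etc/letsencrypt/live/ilovemaths.tk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ilovemaths.tk/privkey.pem;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_port(value):
    """Port of a `listen` value such as '444 ssl' or '[::]:444 ssl'; nginx defaults to 80."""
    m = re.fullmatch(r"(?:.*:)?(\d+)", value.split()[0])
    return int(m.group(1)) if m else 80

def audit(conf):
    """Return sorted finding codes (names are this example's own) for an nginx config string."""
    conf = re.sub(r"#.*", "", conf)  # drop comments; assumes no '#' inside directive values
    tls_ports, findings, redirects = set(), set(), False
    for body in server_blocks(conf):
        for value in re.findall(r"^\s*listen\s+([^;]+);", body, re.M):
            if re.search(r"\bssl\b", value):
                tls_ports.add(listen_port(value))
        # A redirect to https://$host carries no port, so clients will connect to 443.
        redirects |= bool(re.search(r"return\s+30[1278]\s+https://\$host\$request_uri", body))
    if redirects and 443 not in tls_ports:
        findings.add("https-redirect-targets-443-but-no-tls-listener-there")
    if tls_ports and "ssl_protocols" not in conf:
        findings.add("ssl_protocols-unset-uses-version-default")
    return sorted(findings)
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/nginx/nginx.conf").read()).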

Installing certbot

apt install python-certbot-nginx

Requesting the certificate

certbot --nginx --agree-tos --no-eff-email --email xxxx@gmail.com

HTTPS Certificate Application and Installation
https://andyppang.github.io/2020/12/09/Https证书申请/
Author: PL
Published: December 9, 2020