- 安装acme.sh
$ curl https://get.acme.sh | sh
- 重载配置
$ source ~/.bashrc
- 绑定阿里云密钥(如果以后要添加的域名也在阿里,这种方式挺方便的):
阿里云(Access Key管理)地址:前往$ export Ali_Key="AAAAAAAAAAAAA" $ export Ali_Secret="BBBBBBBBBBBBBB"
- 签发证书:
$ acme.sh --issue --dns dns_ali -d cigobox.com -d *.cigobox.com
- 配置nginx
server { listen 443 ssl; listen [::]:443 ssl; server_name domain.com admin.domain.com; ssl on; index index.html index.htm index.php; root /www/domainroot; include enable-php-pathinfo.conf; include thinkphp.conf; ssl_certificate /home/root/.acme.sh/domain.com/fullchain.cer; ssl_certificate_key /home/root/.acme.sh/domain.com/domain.com.key; location /nginx_status { stub_status on; access_log off; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } access_log /home/wwwlogs/access.log; } server { listen 80; listen [::]:80; server_name domain.com admin.domain.com; return 301 https://$host$request_uri; }
- acme会自动更新证书,Enjoy https吧!
博主自己作品推荐:
西谷盒子:自带公网IP、即插即用、全端口开放、花生壳替代品
https://cigobox.taobao.com