Download
curl https://get.acme.sh | sh -s email=tencreat@tencreat.com
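Note: the email address can be anything, but it must be provided; I have already been bitten by this.
Request the certificate (replace the domain name)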
- Without nginx:
yum install -y socat
~/.acme.sh/acme.sh --issue -d example.com --standalone
- With nginx:
~/.acme.sh/acme.sh --issue -d example.com --nginx
- Create the directory:
mkdir -p /usr/mydata/nginx/ssl
Install the certificate (replace the domain name)
~/.acme.sh/acme.sh --install-cert -d example.com \
  --key-file /usr/mydata/nginx/ssl/test1.key.pem \
  --fullchain-file /usr/mydata/nginx/ssl/test1.cert.pem \
  --reloadcmd "service nginx force-reload"
Configure the certificate
nginx configuration reference
server
{
    listen 80;
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /usr/mydata/nginx/ssl/test1.cert.pem;
    ssl_certificate_key /usr/mydata/nginx/ssl/test1.key.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}
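The reference configuration enables TLS 1.0 and 1.1 (deprecated by RFC 8996), 3DES suites, and static-RSA key exchange, which has no forward secrecy. A tightened version of the same server block follows, as an added example that is not part of the original post. The cipher list (ECDHE key exchange with AEAD ciphers only) is a choice made for this example, `example.com` is a placeholder, and `TLSv1.3` assumes nginx 1.13.0 or later built with OpenSSL 1.1.1 or later.

```nginx
# Added example: same server block and certificate paths as the reference
# configuration, with only the protocol and cipher lines changed.
server
{
    listen 80;
    listen 443 ssl;
    server_name example.com;   # placeholder, replace with your domain

    # Files written by `acme.sh --install-cert`
    ssl_certificate     /usr/mydata/nginx/ssl/test1.cert.pem;
    ssl_certificate_key /usr/mydata/nginx/ssl/test1.key.pem;

    # Weak:      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Corrected: drop TLS 1.0/1.1, add TLS 1.3 (assumes nginx >= 1.13.0, OpenSSL >= 1.1.1)
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak:      list included RSA+AES128, RSA+AES256, EECDH+3DES, RSA+3DES
    # Corrected: ECDHE-only AEAD suites for TLS 1.2 (assumed list for this example);
    #            TLS 1.3 suites are not controlled by ssl_ciphers
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}
```

Run `nginx -t` before reloading to confirm the installed nginx build accepts `TLSv1.3`.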