参考
https://blog.csdn.net/fyhju1/article/details/120452141
获取域名服务商AccessKey ID及AccessKey Secret
https://help.aliyun.com/zh/ram/user-guide/create-an-accesskey-pair
安装ACME
curl https://get.acme.sh | sh
source ~/.bashrc
如果使用root用户进行安装,会生成文件夹.acme.sh
文件夹地址:/root/.acme.sh
设置阿里云APPID 和阿里云APPKEY
##注:此处的APPID 和APPkey为我们从阿里云RAM中获取的
export Ali_Key="LTAI5tSiuG12DGaywKBNqasdfsaf"
export Ali_Secret="omJRBcJeS8e6PfgY39Uoasfddsa"
注册zeross账号
https://app.zerossl.com/signup
##注册完账号执行以下命令,注意test@abc.com 为你的个人邮箱,记得替换
acme.sh --register-account -m test@abc.com --server zerossl
申请证书(通配符)
acme.sh --issue --dns dns_ali -d abc.com -d *.abc.com
#申请证书续期使用以下命令
acme.sh --issue --force --dns dns_ali -d abc.com -d *.abc.com
证书文件如下:
root@xdz:~/.acme.sh# ll wuxingge.online_ecc/
total 40
-rw-r--r-- 1 root root 2668 Mar 5 11:09 ca.cer
-rw-r--r-- 1 root root 4144 Mar 5 11:09 fullchain.cer
-rw-r--r-- 1 root root 1476 Mar 5 11:09 wuxingge.online.cer
-rw-r--r-- 1 root root 575 Mar 5 11:09 wuxingge.online.conf
-rw-r--r-- 1 root root 493 Mar 5 11:04 wuxingge.online.csr
-rw-r--r-- 1 root root 210 Mar 5 11:04 wuxingge.online.csr.conf
-rw------- 1 root root 227 Mar 5 11:04 wuxingge.online.key
nginx配置https证书
vim www.wuxingge.online.conf
server {
listen 443 ssl;
server_name www.wuxingge.online wuxingge.online;
ssl_certificate ssl/fullchain.cer;
ssl_certificate_key ssl/wuxingge.online.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
root /html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /html;
}
}
server {
listen 80;
server_name www.wuxingge.online wuxingge.online;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
vim blog.wuxingge.online.conf
server {
listen 443 ssl;
server_name blog.wuxingge.online;
ssl_certificate ssl/fullchain.cer;
ssl_certificate_key ssl/wuxingge.online.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8081;
}
}
server {
listen 80;
server_name blog.wuxingge.online;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
my index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>wuxingge</title>
<style>
body {
display: flex;
flex-direction: column;
min-height: 100vh;
margin: 0;
}
footer {
margin-top: auto;
width: 100%;
height: 60px; /* 根据需要调整高度 */
background-color: #f0f0f0; /* 背景颜色,根据需要调整 */
display: flex;
justify-content: center; /* 水平居中 */
align-items: center; /* 垂直居中 */
font-size: 14px; /* 文字大小,根据需要调整 */
}
footer a {
text-decoration: none;
color: #000; /* 链接颜色,根据需要调整 */
}
</style>
</head>
<body>
<center>
<h1><a href="http://youxi.wuxingge.online/">wuxingge的小游戏</a></h1>
<h1><a href="http://baiban.wuxingge.online/">wuxingge的白板</a></h1>
</center>
<footer>
<a href="http://beian.miit.gov.cn/" target="_blank">京ICP备20xxxxx号-1</a>
</footer>
</body>
</html>