在VPS上申请letsencrypt泛域名, 利用阿里云dns自动申请证书并且加入nginx
下载安装 acme.sh
1
| curl https://get.acme.sh | sh
|
重启 terminal
生成安装泛域名证书
申请阿里云 Api_key
和 Ali_Secret
(可以按照 acme.sh 进行设置)
- 访问 https://ram.console.aliyun.com
- 左侧菜单点击 用户管理, 右上角点击创建新用户
- 填写用户名, 点击确定, 注意保存
AccessKeyId
和 AccessKeySecret


- 添加授权


申请 证书
1 2 3 4
| export Ali_Key="上面申请的AccessKeyId" export Ali_Secret="上面申请的AccessKeySecret"
acme.sh --issue --dns dns_ali -d *.demo.com --dnssleep 0
|
安装cert并重启nginx
1 2 3 4 5 6 7
|
acme.sh --install-cert -d "*.demo.com" \ --key-file "/etc/nginx/ssl/*.demo.com.key" \ --fullchain-file "/etc/nginx/ssl/*.demo.com.cer" \ --reloadcmd "systemctl reload nginx"
|
nginx.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
| server { server_name any-pre-domain.demo.com; listen 80; listen 443 ssl;
# 配置你上面 --fullchain-file 的路径 ssl_certificate /etc/nginx/ssl/*.demo.com.cer; # 配置你上面 --key-file 的路径 ssl_certificate_key /etc/nginx/ssl/*.demo.com.key;
location / { proxy_pass http://localhost:1337; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }
|
文章若有纰漏请大家补充指正,谢谢~~
http://blog.xinshangshangxin.com SHANG殇