注意:acme.sh 默認從之前的Let's Encrypt已更換為 ZeroSSL
cd /root #進入root用戶根目錄
安裝很簡單, 一個命令:
curl https://get.acme.sh | sh -s email=my@example.com設置DNSPOD的接口變量ID和token
export DP_Id="1234" export DP_Key="sADDsdasdgdsf"
cd /root/.acme.sh acme.sh --issue --dns dns_dp -d aa.com -d www.aa.com
將生成的證書文件xxx.com.key和 fullchain.cer 拷貝到/etc/nginx/ssl/目錄下或者你喜歡的目錄下。
修改nginx配置文件:
server {
#listen 80 default;
listen 443 ssl default_server;
server_name www.xxx.com;
client_max_body_size 30M;
if ($host ~ "\d+\.\d+\.\d+\.\d") {
return 404;
}
location /robots.txt {
return 200 "User-agent: *
Disallow:";
}
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
real_ip_header CF-Connecting-IP;
#client_max_body_size 50m;
}
ssl_certificate /etc/nginx/ssl/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/www.xxx.com.key;
}
acme.sh --uninstall #卸載命令
The keys and certs are in "/root/.acme.sh", you can remove them by yourself.
密鑰和證書在“/root/.acme.sh”中,您可以自行刪除它們。
rm -rf /root/.acme.sh #卸載后刪除acme.sh腳本目錄
本文參考 https://www.rsyncd.net/886.html