- 安装 acme.sh
1
| curl https://get.acme.sh | sh
|
- 配置 nginx
如果有 rewrite 强制 HTTPS 请按如下写法
1
2
3
4
5
6
7
8
9
| server {
charset utf-8;
listen 80;
server_name example.com;
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
|
- 签发证书
1
| acme.sh --issue -d example.com --nginx
|
- 安装到 nginx
1
2
3
4
| acme.sh --install-cert -d example.com \
--key-file /path/to/keyfile/example.com.key \
--fullchain-file /path/to/fullchain/example.com.crt \
--reloadcmd "service nginx force-reload"
|
注意需要自己写 nginx 配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| server {
charset utf-8;
listen 80;
server_name example.com;
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
server {
charset utf-8;
listen 443 ssl http2;
server_name example.com;
location / {
}
ssl on;
ssl_certificate /path/to/fullchain/example.com.crt;
ssl_certificate_key /path/to/keyfile/example.com.key;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
}
|