nginx 配置 acme.sh

  1. 安装 acme.sh
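# Save the installer to a file instead of piping it straight into sh: a failed
# or truncated download is then never executed by accident (-f makes curl exit
# non-zero on an HTTP error instead of saving the error page), and the script
# can be read before the second command is run.
curl -fsSL https://get.acme.sh -o get-acme.sh
sh get-acme.sh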
  2. 配置 nginx

如果已有用 rewrite 强制跳转 HTTPS 的规则,请按如下写法(把跳转规则放在 location 块内):

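# Plain-HTTP listener: redirects every request to HTTPS.
server {
    charset utf-8;
    listen 80;
    server_name example.com;

    # Keep the redirect inside `location /` rather than at server level, as this
    # guide instructs for use with `acme.sh --nginx`.
    location / {
        # `return` with $request_uri forwards the path and query string exactly
        # as the client sent them; the rewrite capture used the decoded,
        # normalized URI instead.
        # $host is taken from the request (the Host header when present); if
        # this block can also answer for other names, redirect to a fixed
        # hostname instead.
        return 301 https://$host$request_uri;
    }
}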
  3. 签发证书
# Request a certificate for example.com using acme.sh's nginx validation mode.
# NOTE(review): this mode presumably edits and reloads the live nginx
# configuration while validating — confirm against the acme.sh documentation.
acme.sh --issue --nginx --domain example.com
  4. 安装到 nginx
# Install the issued full chain and private key at the paths the nginx HTTPS
# server block points to, then reload nginx so it picks them up.
# The key file is the site's private key: restrict read access to it (e.g. root
# only) and check the permissions after the first run.
# NOTE(review): the reload command is presumably stored and re-run on every
# renewal — confirm, and keep it limited to the reload itself.
acme.sh --install-cert --domain example.com \
  --fullchain-file /path/to/fullchain/example.com.crt \
  --key-file /path/to/keyfile/example.com.key \
  --reloadcmd "service nginx force-reload"

注意:nginx 的 HTTPS 配置文件需要自己编写,示例如下:

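# Plain-HTTP listener: redirects every request to HTTPS.
server {
    charset utf-8;
    listen 80;
    server_name example.com;

    # Keep the redirect inside `location /` rather than at server level, as this
    # guide instructs for use with `acme.sh --nginx`.
    location / {
        # `return` with $request_uri forwards the path and query string exactly
        # as the client sent them; the rewrite capture used the decoded,
        # normalized URI instead.
        # $host is taken from the request (the Host header when present); if
        # this block can also answer for other names, redirect to a fixed
        # hostname instead.
        return 301 https://$host$request_uri;
    }
}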

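# HTTPS listener for example.com, using the certificate files installed by
# `acme.sh --install-cert`.
server {
    charset utf-8;
    # TLS is enabled by the `ssl` parameter on this listen line. The separate
    # `ssl on;` directive is dropped: it has been obsolete since nginx 1.15.0
    # and is no longer accepted from 1.25.1, where it stops the config loading.
    listen 443 ssl http2;
    server_name example.com;

    location / {
        # Site configuration goes here.
    }

    # Same paths as the --fullchain-file / --key-file arguments given to
    # `acme.sh --install-cert`.
    ssl_certificate /path/to/fullchain/example.com.crt;
    ssl_certificate_key /path/to/keyfile/example.com.key;

    # HSTS preload (optional). Browsers that see this header refuse plain HTTP
    # for example.com and every subdomain for two years (63072000 s), and
    # `preload` asks for inclusion in browser preload lists, which is slow to
    # undo. Enable it only once every subdomain serves valid HTTPS.
    # `always` sends the header on error responses as well. A location that
    # declares its own add_header does not inherit this one and must repeat it.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
}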