太忙直接先贴下 方法明天来改
-----通过dns 授权通配符证书 acme.sh --issue --dns dns_ali -d hjrxxkj.com -d *.hjrxxkj.com -----安装证书 acme.sh --install-cert -d hjrxxkj.com --cert-file /usr/local/nginx/conf/cert/hjrxxkj.com.cer --key-file /usr/local/nginx/conf/cert/hjrxxkj.com.key --fullchain-file /usr/local/nginx/conf/cert/hjrxxkj.com.fullchain.cer --reloadcmd "service nginx restart" -----配置证书到服务器~ Nginx server { listen 443; server_name client.hjrxxkj.com; root /home/www/anran/client/web; index index.html index.htm index.php; location / { root /home/www/default; index index.html index.htm index.php; } include enable-php.conf; if (!-e $request_filename){ rewrite ^(.*)$ /index.php; } ssl on; ssl_certificate /usr/local/nginx/conf/cert/hjrxxkj.com.cer; ssl_certificate_key /usr/local/nginx/conf/cert/hjrxxkj.com.key; ssl_session_timeout 1d; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_session_cache shared:SSL:50m; ssl_session_tickets on; # ssl_stapling on; # ssl_stapling_verify on; # resolver 114.114.114.114 valid=300s; # resolver_timeout 10s; }