Apply for a Let's Encrypt wildcard HTTPS certificate (repost)

Statement first: this is reposted from https://my.oschina.net/kimver/blog/1634575 , with thanks to the original author. I have modified some of the content and the Nginx configuration, and the build process has been run through from scratch.

Table of contents:

1. Abstract

2. How to use acme.sh

3. Configure Nginx

4. Precautions and Instructions

1. Abstract

    Summary: Apply for a Let's Encrypt wildcard HTTPS certificate

    ACME v2, released by Let's Encrypt, now officially supports wildcard certificates. Below we walk through how to apply for one. Let's go.

Note that this tutorial was carried out on CentOS 6; other Linux systems are similar.

    Nginx construction: https://my.oschina.net/u/3209432/blog/1581391

    Nginx configuration Https: https://my.oschina.net/u/3209432/blog/1595521

2. How to use acme.sh

    2.1 Get acme.sh

    [root@loubobooo ~]# curl https://get.acme.sh | sh

The installation is successful as shown below

    2.2 Execute the following commands

    [root@loubobooo ~]# source ~/.bashrc
    [root@loubobooo ~]# acme.sh

2.3 Start getting the certificate

The strength of acme.sh is that it can configure DNS automatically, so there is no need to go into the domain registrar's console and add the validation record by hand. My domain is registered with Alibaba, so the following uses Alibaba Cloud DNS as the example. For domains registered elsewhere, refer to here and adapt it yourself: Portal

Go to the Alibaba Cloud console to obtain the App_Key and App_Secret, then run the following commands

    # Replace with the key pair obtained from the Alibaba Cloud console
    [root@loubobooo ~]# export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
    [root@loubobooo ~]# export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
    # Replace with your own domain; the second -d is the wildcard for its subdomains (quoted so the shell does not glob-expand it)
    [root@loubobooo ~]# acme.sh --issue --dns dns_ali -d loubobooo.com -d "*.loubobooo.com"

acme.sh waits for the DNS record to take effect by sleeping for 120 seconds, so the command takes at least two minutes to finish.

Note: four files are generated here

[Sat Mar 17 13:59:22 CST 2018] Your cert is in  /root/.acme.sh/loubobooo.com/xxx.com.cer 
[Sat Mar 17 13:59:22 CST 2018] Your cert key is in  /root/.acme.sh/loubobooo.com/xxx.com.key 
[Sat Mar 17 13:59:22 CST 2018] The intermediate CA cert is in  /root/.acme.sh/xxx.com/ca.cer 
[Sat Mar 17 13:59:22 CST 2018] And the full chain certs is there:  /root/.acme.sh/xxx.com/fullchain.cer 

At this point you're done!

After the first success, acme.sh records the App_Key and App_Secret and installs a scheduled task (cron job) that checks for expiring certificates at 0:00 every day and renews them automatically. If you are uneasy about this, be careful; you can also delete the user-level cron job and clean up the ~/.acme.sh folder.

3. Configure Nginx

    [root@loubobooo ~]# vim /usr/local/nginx/conf/vhost/download.xxx.com.conf 

#Redirect all http protocol content to https protocol
server {
    listen 80;
    server_name download.xxx.com;
    return 301 https://$server_name$request_uri;
}

#https protocol
server {
    # "ssl on;" is deprecated; enabling TLS on the listen directive is the supported form
    listen 443 ssl;
    server_name download.xxx.com;

    # Certificate, private key and intermediate CA as written by acme.sh in step 2
    ssl_certificate  /root/.acme.sh/xxx.com/fullchain.cer;
    ssl_certificate_key  /root/.acme.sh/xxx.com/loubobooo.com.key;
    ssl_trusted_certificate /root/.acme.sh/xxx.com/ca.cer;

    autoindex on;
    access_log  /usr/local/nginx/logs/access.log combined;
    error_log  /usr/local/nginx/logs/error.log;
    index index.html index.htm index.jsp index.php;
    #error_page 404 /404.html;

    location / {
        root /ftpfile/setup;
    }
}
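The issuing procedure of section 2 and the deployment into Nginx of section 3, put together as one script. This is an added example, not code from the original post or from the acme.sh project; the credential file path, the Nginx certificate directory and the nginx binary path are assumptions. Instead of exporting Ali_Key and Ali_Secret in an interactive shell (where they also end up in ~/.bash_history), it reads them from a root-only file, and instead of pointing Nginx at ~/.acme.sh (which acme.sh documents as internal) it uses `--install-cert` with a `--reloadcmd`, then checks the deployed file with openssl.

```shell
#!/bin/sh
# Added example, not part of the original post or of acme.sh itself: issue the
# apex + wildcard certificate non-interactively, copy it to a directory Nginx
# reads from, reload Nginx, and verify the deployed file.
# Assumptions (not from the post): the credential file path, the Nginx cert
# directory and the nginx binary path.
set -eu

DOMAIN="${DOMAIN:-loubobooo.com}"
CRED_FILE="${CRED_FILE:-/root/.ali-dns-credentials}"          # assumed: lines "Ali_Key=..." and "Ali_Secret=..."
NGINX_CERT_DIR="${NGINX_CERT_DIR:-/usr/local/nginx/conf/ssl}" # assumed deploy location
ACME="${ACME:-${HOME:-/root}/.acme.sh/acme.sh}"
NGINX_BIN="${NGINX_BIN:-/usr/local/nginx/sbin/nginx}"

# Return 0 only if FILE is readable by its owner alone (mode 600 or 400).
# The Alibaba Cloud key pair can write any DNS record in the account, so it
# must not be group- or world-readable.
secret_file_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c2-10)
    case "$perms" in
        rw-------|r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Load Ali_Key/Ali_Secret from a root-only file instead of typing them into an
# interactive shell, where they would also be written to ~/.bash_history.
# The file is sourced as shell, so it must contain only the two assignments.
load_ali_credentials() {
    secret_file_is_private "$1" || { echo "refusing: $1 must be mode 600" >&2; return 1; }
    . "$1"
    export Ali_Key Ali_Secret
}

# Issue NAME and *.NAME in one certificate through the dns_ali hook, the same
# command the post runs; the wildcard is quoted so the shell cannot glob it.
issue_wildcard() {
    "$ACME" --issue --dns dns_ali -d "$1" -d "*.$1"
}

# acme.sh documents ~/.acme.sh as internal; --install-cert copies the files to
# a path of our choosing and re-runs --reloadcmd after every cron renewal.
install_to_nginx() {
    mkdir -p "$NGINX_CERT_DIR" && chmod 700 "$NGINX_CERT_DIR"
    "$ACME" --install-cert -d "$1" \
        --key-file       "$NGINX_CERT_DIR/$1.key" \
        --fullchain-file "$NGINX_CERT_DIR/$1.fullchain.cer" \
        --reloadcmd      "$NGINX_BIN -s reload"
}

# Return 0 if CERT's Subject Alternative Names list both NAME and *.NAME.
cert_covers_wildcard() {
    sans=$(openssl x509 -in "$1" -noout -text 2>/dev/null \
           | grep -A1 'Subject Alternative Name' | tail -n 1)
    case "$sans" in *"DNS:$2"*) ;; *) return 1 ;; esac
    case "$sans" in *"DNS:*.$2"*) return 0 ;; *) return 1 ;; esac
}

# Return 0 if CERT remains valid for at least DAYS more days. acme.sh's daily
# cron renews once a cert is 60 days old, so a deployed cert with fewer than
# 30 days left means the renewal or the reloadcmd is failing silently.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

if [ "${RUN_ACME:-0}" = 1 ]; then
    load_ali_credentials "$CRED_FILE"
    issue_wildcard "$DOMAIN"
    install_to_nginx "$DOMAIN"
    cert="$NGINX_CERT_DIR/$DOMAIN.fullchain.cer"
    cert_covers_wildcard "$cert" "$DOMAIN" || { echo "$cert does not cover *.$DOMAIN" >&2; exit 1; }
    cert_valid_for_days "$cert" 30 || { echo "$cert expires within 30 days" >&2; exit 1; }
    echo "wildcard certificate for $DOMAIN deployed to $NGINX_CERT_DIR and verified"
else
    echo "dry load: run with RUN_ACME=1 on the host to issue and deploy; source this file to use the check functions"
fi
```

When the certificate is deployed this way, the `ssl_certificate` and `ssl_certificate_key` directives in the Nginx configuration above point at the copied files under the chosen certificate directory rather than at /root/.acme.sh. The two check functions are also useful on their own in a daily monitoring job: `cert_covers_wildcard` catches a renewal that accidentally dropped the wildcard name, and `cert_valid_for_days` catches a cron renewal that has been failing for weeks.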

4. Precautions and Instructions

    Precautions:

        When configuring Nginx, Nginx must have been compiled with the ssl module

    Environment used:

       Operating System: CentOS 6.8 64-bit

       Nginx version: 1.13.9
