Configuring HTTPS (SSL) for a domain on Tomcat or Nginx

## Free https certificate

First, free certificates

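Certificate overview:
Domain (DV) SSL certificates: issued immediately; for small companies and individual users; single domain. Free certificates are all of this kind, **DV SSL single-domain certificates**; they generally support at most two subdomains, the www third-level domain and the second-level domain.
Enterprise (OV) SSL certificates: 3-5 days, and of course a `business license` and similar documents are required; for medium-sized companies. They generally support 5+ subdomains.
Enterprise enhanced (EV) SSL certificates: 5-7 days, a `business license` is of course also required, and third-party databases such as Dun & Bradstreet and 114 are used for stricter vetting; supports *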

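Differences:
1. DV: shows https + padlock; certificate details: the subject name is very simple; common
2. OV: shows https + padlock; certificate details: the subject name is very detailed (country, region, organization, common name, company name and so on); mostly used by large commercial companies
With this type you can generally see the company name directly, for example by looking up Yahoo, Yahoo Japan, Taobao or Tmall.
Then look up a small blog and you will see the difference.
3. EV: shows https + padlock + the company name displayed directly in the browser address bar; the certificate details contain the company name; uncommon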

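The paid certificates are of these domain types:
1. DV multi-domain type (single domain or wildcard); domain type (Domain); e.g. `*.weddinglove.xyz`. Free ones are all single-domain, e.g. `clmicrosystems.com`; paid ones are basically all wildcard. For a small company a free DV certificate is enough.
2. OV single-domain, multi-domain and wildcard types; organization type (Organization)
3. EV single-domain and multi-domain types (the most expensive, and no * wildcard is offered); extended type (Extended)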


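Company examples:
1. DV: Gitee (码云), Jikexueyuan, imooc and all kinds of small and medium-sized sites use DV, or do not even use https; sites our company developed, such as:
https://weddinglove.xyz (*.), https://mixfm.cn
2. OV: JD.com, Taobao, Google, Yahoo Japan, Yahoo US, Ele.me, Pinduoduo, Zhihu, Baidu; large official sites and portal-type sites;
 but the products under baidu.com share a single certificate;
 Tencent's mp.weixin.qq.com, weixin.qq.com and qq.com are OV but use different certificates
3. EV: apple.com, myssl.com, sslcertificateshop.com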

See: the differences between the three kinds of SSL certificate, domain (DV), enterprise (OV) and enhanced (EV)
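The subject-field differences listed above can be checked programmatically. The following is an added example, not code from the original post: it guesses DV/OV/EV from the subject in the format Python's `ssl.getpeercert()` returns. The function names, the sample subjects (constructed, not real certificates) and the EV field names are assumptions of this example, and the result is a heuristic based on subject fields only.

```python
import socket
import ssl

# Subject attributes the CA/Browser Forum EV Guidelines require in EV
# certificates, named as Python's ssl module reports them (assumption).
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def flatten_subject(subject):
    """Turn getpeercert()'s nested RDN tuples into a {name: value} dict."""
    return {name: value for rdn in subject for name, value in rdn}


def classify_subject(subject):
    """Heuristic DV/OV/EV guess from the subject fields only."""
    fields = flatten_subject(subject)
    if "organizationName" not in fields:
        return "DV"   # only a common name: just domain control was checked
    if EV_FIELDS.issubset(fields):
        return "EV"   # organization plus registration details
    return "OV"       # organization, country, region and so on


def fetch_subject(host, port=443, timeout=5):
    """Fetch the validated leaf certificate's subject from a live server."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]


# Constructed sample subjects in getpeercert() format (not real certificates).
SAMPLE_DV = ((("commonName", "blog.example.test"),),)
SAMPLE_OV = (
    (("countryName", "CN"),),
    (("stateOrProvinceName", "Zhejiang"),),
    (("organizationName", "Example Trading Co., Ltd."),),
    (("commonName", "*.shop.example.test"),),
)
SAMPLE_EV = SAMPLE_OV[:3] + (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "CN"),),
    (("serialNumber", "0000000000"),),
    (("commonName", "www.example.test"),),
)

if __name__ == "__main__":
    for subj in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        print(flatten_subject(subj)["commonName"], "->", classify_subject(subj))
```

For a live site, pass the result of `fetch_subject("your.domain")` to `classify_subject`.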

1. Using free https certificates on Linux-like systems

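The free certificate site freessl.cn can issue two kinds of free certificate: TrustAsia, valid for 1 year, and Let's Encrypt, free for 3 months;
there are three similar services: **AlwaysOnSSL**, **SSL For Free** and **FreeSSL.org**.
Once a certificate expires you have to apply again, which is rather troublesome;
there are two common ways to renew automatically, the **CertBot** client and **acme.sh**, but both are for Unix-like systems,
using the command line `certbot-auto`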

CertBot: Unix-like systems only
acme.sh: Chinese-developed, with very friendly Chinese-language support
win-acme: supports automatic renewal on Windows

Note: one domain can have multiple second-level domains, and each second-level domain, such as www, blog or small, can map to a different IP address, so the domain can be bound to multiple IPs
  1. freessl.cn can issue free TrustAsia and Let's Encrypt certificates; the Let's Encrypt certificate has been tested on the site clmicrosystems.com and works normally, and the TrustAsia certificate on http://bu.weddinglove.xyz/bobo/ also works normally; most importantly, there is a free one-year certificate
  2. A tutorial on using CertBot with Nginx, but this only supports Linux-like operating systems.
  3. Let's Encrypt free certificates, but valid for only 90 days
  4. Let's Encrypt tutorial: free SSL certificates, let your website embrace HTTPS
  5. Deploying a Let's Encrypt free SSL certificate on Tomcat with automatic renewal, using the JDK keystore, converted to JKS

Reference: acme.sh (Chinese-developed)
Reference: official certbot client
Reference: win-acme
Reference: configuring a Let's Encrypt certificate on Windows Tomcat with automatic renewal

2. Certificate security testing

Certificates have their own security level, and so does TLS; for example, mini programs require TLS version 1.2 or above,
and anything below that version causes problems.
  1. TrustAsia myssl.com: verifies a certificate's security rating and monitors HTTPS; you can see directly whether a certificate is DV, OV or EV; TrustAsia tool entry 2; 数安时代
  2. chinassl.net certificate monitoring
  3. UPYUN (upyun.com) https certificate monitoring
  4. Tencent Cloud https monitoring, which checks Apple ATS
  5. Qiniu SSL

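Second, foreign domain name + foreign cloud hosting

1. Foreign domains and cloud hosting

If your domain has already completed ICP filing in China, you do not need to use foreign services.
If you use a foreign domain, the cloud host must also be foreign; otherwise a site without a filing still cannot be accessed.
  1. GoDaddy domain name registration for individuals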
  2. V durian ulandtrable
  3. GoDaddy Singapore, domain name and server provider

Third, domain name basics

1. Domain name categories

Domain names can be divided into three levels: first-level, second-level and third-level domains.
  1. `baidu.com` is a first-level domain; `www.baidu.com` is a second-level domain
  2. `zhidao.baidu.com` is a second-level domain
  3. `mp.weixin.qq.com` is a third-level domain

Fourth, domain name automatic renewal issues

1. Automatic renewal

For automatic renewal there are many solutions on Unix-like systems; using **certbot** directly handles it.  
On Windows you do not use certbot; you can use **win-acme**.
  1. certbot: automatic renewal of Let's Encrypt certificates; for details see certbot; Chinese-language blog:
  2. win-acme: an automatic renewal tool for Windows; see win-acme and the blog post on deploying a free SSL certificate (letsencrypt) under Windows. There are two ways to renew free certificates automatically, the CertBot client and the acme.sh tool mentioned here, but both are Linux or Mac command-line tools, if there were no windows in the

Fifth, notes

1. Mixed https/http content errors

Summary of issues:  
  1. Mixing https and http causes errors such as: `This request has been blocked; the content must be served over HTTPS.` Be sure to avoid this. Many third-party js includes start directly with `//`, without writing http(s) explicitly.
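A way to find such references before a page goes live, as an added example that is not part of the original post: a small scanner that lists subresources hard-coded to `http://`, which an https page would have blocked or flagged. The sample page is constructed; the class and function names and the active/passive tag split are assumptions of this example.

```python
from html.parser import HTMLParser

# Tags whose insecure loads browsers block outright ("active" mixed content);
# insecure images, audio and video count as "passive" here.
ACTIVE = {"script", "iframe", "link", "object", "embed"}
URL_ATTRS = ("src", "href", "data")


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url, kind)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            return  # navigation links are not subresource loads
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # e.g. rel="canonical" is never fetched as a resource
        for name in URL_ATTRS:
            url = (a.get(name) or "").strip()
            # Protocol-relative "//host/x.js" inherits https and is skipped.
            if url.lower().startswith("http://"):
                kind = "active" if tag in ACTIVE else "passive"
                self.findings.append((self.getpos()[0], tag, url, kind))


def find_mixed_content(html):
    """Return (line, tag, url, kind) for every http:// subresource."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><head>
<script src="http://cdn.example.test/lib.js"></script>
<script src="//cdn.example.test/ok.js"></script>
<link rel="stylesheet" href="https://cdn.example.test/site.css">
<link rel="canonical" href="http://www.example.test/">
</head><body>
<img src="http://img.example.test/logo.png">
<a href="http://www.example.test/about">about</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, kind in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> {url} ({kind} mixed content)")
```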

Sixth, certificate configuration

Alibaba Cloud certificate configuration for nginx, apache, iis, tomcat and others (the free DV SSL certificate purchased directly from Alibaba Cloud can be used; it is also valid for 1 year)

Blog roundup; Alibaba Cloud's free Symantec certificate is used as the example here.

Alibaba Cloud free certificate purchase

  1. Installing an SSL certificate on a Tomcat server
  2. Installing an SSL certificate on an IIS server
  3. Installing an SSL certificate on an Nginx / Tengine server
  4. Installing an SSL certificate on an Apache server
  5. One nginx instance can be configured for multiple domain names: multiple `server` blocks can each configure a completely different domain name. SPA environment such as certificates of peaceful Mu test environment; environmental certificate books and teleport environment. How to set up a subdomain or host multiple domains using nginx on a Linux server

Origin blog.csdn.net/ab601026460/article/details/74359021