Acme.ch

Nginx 配置

先看Nginx配置，如果是重定向的需要设置一下㔿转发 /.well-known/acme-challenge/

server {
    listen       80;
    server_name  ai.zguishen.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        allow all;
        root /var/www/ai.zguishen.com/;
    }

    location ^~ / {
        proxy_pass http://127.0.0.1:8888/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

acme.sh 脚本

项目地址 https://github.com/acmesh-official/acme.sh/

生成证书：

# 设置下邮箱
./acme.sh --register-account -m [email protected]

# 生成证书，-w 内容为 Nginx 中配置的 root 位置，命令输出有错误的话可以加上 --debug 看日志
./acme.sh  --issue -d ai.zguishen.com -w /var/www/ai.zguishen.com/

安装证书

./acme.sh --install-cert -d ai.zguishen.com \
--key-file       /etc/nginx/conf.d/ai.zguishen.com.key.pem  \
--fullchain-file /etc/nginx/conf.d/ai.zguishen.com.pem \
--reloadcmd     "nginx -s reload"

修改 Nginx conf

server {
    listen       80;
    server_name  ai.zguishen.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        allow all;
        root /var/www/ai.zguishen.com/;
    }

    location ^~ / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name  ai.zguishen.com;

    ssl_certificate   /etc/nginx/conf.d/ai.zguishen.com.pem;
    ssl_certificate_key  /etc/nginx/conf.d/ai.zguishen.com.key.pem;

    location ^~ / {
        proxy_pass http://127.0.0.1:8888/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

重新加载 Nginx nginx -s reload，如果怕不生效的话就先停了 nginx -s stop 再启动 nginx -c /etc/nginx/nginx.conf