1.申请https证书
certbot certonly --manual -d *.liuwenwen.net --agree-tos --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Please deploy a DNS TXT record under the name:_acme-challenge.liuwenwen.net.with the following value:d5RIrmT_mwj-Kp1qYYY1klzcCzqwcKBjYCnkM4B2BHcBefore continuing, verify the TXT record has been deployed. Depending on the DNSprovider, this may take some time, from a few seconds to multiple minutes. You cancheck if it has finished deploying with aid of online tools, such as the GoogleAdmin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.liuwenwen.net.Look for one or more bolded line(s) below the line ';ANSWER'. It should show thevalue(s) you've just added.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Press Enter to ContinueSuccessfully received certificate.Certificate is saved at: /etc/letsencrypt/live/liuwenwen.net/fullchain.pemKey is saved at: /etc/letsencrypt/live/liuwenwen.net/privkey.pemThis certificate expires on 2021-12-09.These files will be updated when the certificate renews.NEXT STEPS:- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -If you like Certbot, please consider supporting our work by:* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate* Donating to EFF: https://eff.org/donate-le- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2.重命名https证书
root@hongkong:/etc/pki/nginx# ls -ltotal 12-rw-r--r-- 1 root root 5592 Sep 10 21:50 fullchain.crt-rw-r--r-- 1 root root 1705 Sep 10 21:51 privkey.key
3.配置站点信息
### You should look at the following URL's in order to grasp a solid understanding# of Nginx configuration files in order to fully unleash the power of Nginx.# https://www.nginx.com/resources/wiki/start/# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/# https://wiki.debian.org/Nginx/DirectoryStructure## In most cases, administrators will remove this file from sites-enabled/ and# leave it as reference inside of sites-available where it will continue to be# updated by the nginx packaging team.## This file will automatically load configuration files provided by other# applications, such as Drupal or Wordpress. These applications will be made# available underneath a path with that package name, such as /drupal8.## Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.### Default server configuration#server {listen 80 default_server;listen [::]:80 default_server;# SSL configuration## listen 443 ssl default_server;# listen [::]:443 ssl default_server;## Note: You should disable gzip for SSL traffic.# See: https://bugs.debian.org/773332## Read up on ssl_ciphers to ensure a secure configuration.# See: https://bugs.debian.org/765782## Self signed certs generated by the ssl-cert package# Don't use them in a production server!## include snippets/snakeoil.conf;root /var/www/html;# Add index.php to the list if you are using PHPindex index.html index.htm index.nginx-debian.html;server_name _;rewrite ^(.*)$ https://$host$1 permanent;# location / {# First attempt to serve request as file, then# as directory, then fall back to displaying a 404.# try_files $uri $uri/ =404;# }# pass PHP scripts to FastCGI server##location ~ \.php$ {# include snippets/fastcgi-php.conf;## # With php-fpm (or other unix sockets):# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;# # With php-cgi (or other tcp sockets):# fastcgi_pass 127.0.0.1:9000;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {# deny all;#}}server {# listen 80 default_server;# listen [::]:80 default_server;# SSL configuration#listen 443 ssl default_server;listen [::]:443 ssl default_server;ssl_certificate /etc/pki/nginx/fullchain.crt;ssl_certificate_key /etc/pki/nginx/privkey.key;## Note: You should disable gzip for SSL traffic.# See: https://bugs.debian.org/773332## Read up on ssl_ciphers to ensure a secure configuration.# See: https://bugs.debian.org/765782## Self signed certs generated by the ssl-cert package# Don't use them in a production server!## include snippets/snakeoil.conf;root /var/www/html;# Add index.php to the list if you are using PHPindex index.html index.htm index.nginx-debian.html;server_name _;location / {# First attempt to serve request as file, then# as directory, then fall back to displaying a 404.try_files $uri $uri/ =404;}# pass PHP scripts to FastCGI server##location ~ \.php$ {# include snippets/fastcgi-php.conf;## # With php-fpm (or other unix sockets):# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;# # With php-cgi (or other tcp sockets):# fastcgi_pass 127.0.0.1:9000;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {# deny all;#}}# Virtual Host configuration for example.com## You can move that to a different file under sites-available/ and symlink that# to sites-enabled/ to enable it.##server {# listen 80;# listen [::]:80;## server_name example.com;## root /var/www/example.com;# index index.html;## location / {# try_files $uri $uri/ =404;# }#}
4.查看证书信息
openssl x509 -noout -text -in fullchain.pem
若有收获,就点个赞吧
0 人点赞
