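Applying for an SSL Certificate and Deploying It Automatically with ACME.SH
I. Apply for an SSL certificate
1. Go to https://freessl.cn and apply for a free 亚信 SSL certificate.
2. Add the DNS records as instructed.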
![image](/i/l/?n=22&i=blog/2379015/202210/2379015-20221018205134246-1421368995.png) ![image](/i/l/?n=22&i=blog/2379015/202210/2379015-20221018205414411-1388378543.png)
II. Install ACME.SH
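1. On Linux, use the root user. In testing, the ubuntu user on Ubuntu 20.04 could not run the install command.
# If root has no password yet, run the following to set one
sudo passwd root
# Enter the password at the prompt and press Enter
# Switch to the root user
su root
# Then enter the password to switch users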
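2. Run the install command
# Run the following, replacing YOUR_EMAIL_ADDRESS with your own address
curl https://get.acme.sh | sh -s email=YOUR_EMAIL_ADDRESS
# If the first command fails, run this one instead (the URL is quoted so the shell does not treat "?" as a glob character)
curl 'https://gitcode.net/cert/cn-acme.sh/-/raw/master/install.sh?inline=false' | sh -s email=YOUR_EMAIL_ADDRESS
3. Reconnect to the terminal (bash)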
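The install step above pipes a remote script straight into a root shell. As an added example (not from the original post or the acme.sh project), the script below downloads the installer to a file, checks it against a SHA-256 value you recorded after reviewing the script, and only then runs it; the same check applies to the mirror URL. The function names and the pin value are assumptions.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of acme.sh.

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# 0 = matches the pin, 1 = hash mismatch, 2 = file missing or empty.
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case pins
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch: got $actual, expected $expected" >&2
        return 1
    fi
}

# fetch_verify_run URL EXPECTED_SHA256 [installer args...]
# Download to a private temp file, verify it, and only then run it.
fetch_verify_run() {
    url=$1
    pin=$2
    shift 2
    tmp=$(mktemp) || return 2
    rc=1
    # --fail: never save an HTTP error page as the "installer".
    # --proto '=https': refuse plain HTTP, also after a redirect.
    if curl --fail --silent --show-error --location --proto '=https' \
            --output "$tmp" "$url" && verify_installer "$tmp" "$pin"; then
        rc=0
        sh "$tmp" "$@" || rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, as root (the pin is a placeholder: record the real value yourself
# after reading the downloaded script):
#   fetch_verify_run https://get.acme.sh '<sha256-of-reviewed-script>' email=YOUR_EMAIL_ADDRESS
```

The pin has to be refreshed whenever the upstream installer changes, which forces a fresh review before the new version runs as root.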
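III. Check the configuration and get the command
1. Check the configuration and copy the command
![image](/i/l/?n=22&i=blog/2379015/202210/2379015-20221018211554000-935641207.png) ![image](/i/l/?n=22&i=blog/2379015/202210/2379015-20221018211604875-1627574040.png)
2. Run the command to install the certificate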
root@VM-8-11-ubuntu:/home/ubuntu# acme.sh --issue -d demo.com --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/xxxxxxxxxxxx
[Tue Oct 18 09:19:53 PM CST 2022] Using CA: https://acme.freessl.cn/v2/DV90/directory/xxxxxxxxxxxxxxx
[Tue Oct 18 09:19:53 PM CST 2022] Single domain='demo.com'
[Tue Oct 18 09:19:53 PM CST 2022] Getting domain auth token for each domain
[Tue Oct 18 09:20:06 PM CST 2022] Getting webroot for domain='demo.com'
[Tue Oct 18 09:20:06 PM CST 2022] api.lyxszj.com is already verified, skip dns-01.
[Tue Oct 18 09:20:06 PM CST 2022] Verify finished, start to sign.
[Tue Oct 18 09:20:06 PM CST 2022] Lets finalize the order.
[Tue Oct 18 09:20:06 PM CST 2022] Le_OrderFinalize='https://acme.freessl.cn/v2/DV90/finalize/xxxxxxxxxxx'
[Tue Oct 18 09:20:07 PM CST 2022] Order status is processing, lets sleep and retry.
[Tue Oct 18 09:20:10 PM CST 2022] Polling order status: https://acme.freessl.cn/v2/DV90/order/xxxxxxxxxxxxxxx3
[Tue Oct 18 09:20:10 PM CST 2022] Order status is processing, lets sleep and retry.
[Tue Oct 18 09:20:10 PM CST 2022] Retry after: 15
[Tue Oct 18 09:20:26 PM CST 2022] Polling order status: https://acme.freessl.cn/v2/DV90/order/xxxxxxxxxxxxxxxxx
[Tue Oct 18 09:20:26 PM CST 2022] Downloading cert.
[Tue Oct 18 09:20:26 PM CST 2022] Le_LinkCert='https://acme.freessl.cn/v2/DV90/cert/xxxxxxxxxxxxxxxx'
[Tue Oct 18 09:20:27 PM CST 2022] Cert success.
-----BEGIN CERTIFICATE-----
/* certificate contents here */
-----END CERTIFICATE-----
[Tue Oct 18 09:20:27 PM CST 2022] Your cert is in: /root/.acme.sh/demo.com/demo.com.cer
[Tue Oct 18 09:20:27 PM CST 2022] Your cert key is in: /root/.acme.sh/demo.com/demo.com.key
[Tue Oct 18 09:20:27 PM CST 2022] The intermediate CA cert is in: /root/.acme.sh/demo.com/ca.cer
[Tue Oct 18 09:20:27 PM CST 2022] And the full chain certs is there: /root/.acme.sh/demo.com/fullchain.cer
3. Configure the certificate paths in nginx
server {
    listen 80;
    listen 443 ssl;
    server_name demo.com;
    # Use this certificate (fullchain.cer) here; otherwise CDN back-to-origin requests return 502/522 errors
    ssl_certificate /root/.acme.sh/demo.com/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/demo.com/demo.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2; # configure this protocol
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure this cipher suite
    ssl_prefer_server_ciphers on;
    # Redirect plain-HTTP requests to HTTPS
    if ($scheme = http) { return 301 https://$host$request_uri; }
    location / {
        proxy_pass http://0.0.0.0:5000;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
From: https://www.cnblogs.com/hy999/p/tools_acmesh_nginx.html