Free wildcard SSL certificate (based on Let's Encrypt)
1. Configure a Docker registry mirror for mainland China
1️⃣ Networks in mainland China cannot reach Docker's official registry, so a domestic mirror has to be added.
2️⃣ Create or edit the Docker daemon configuration. On Alibaba Cloud or Tencent Cloud, use your own provider's Docker registry mirror instead (ask an AI assistant or the provider's support for the address).
vi /etc/docker/daemon.json
{
  "live-restore": true,
  "registry-mirrors": ["https://docker.1ms.run"]
}
3️⃣ Restart Docker so the configuration takes effect. Note that this stops / restarts every running Docker container.
systemctl daemon-reload
systemctl restart docker
4️⃣ Test that the mirror works by pulling an image:
docker pull hello-world
2. Generating the Let's Encrypt certificate
This uses manual DNS validation; the command pauses and prompts while it runs.
1. On the first run, enter an e-mail address for certificate-expiry reminders;
2. Copy the TXT record shown into your DNS provider's management console by hand; once it is configured, wait about ten minutes, then press Enter to continue.
docker run -it --rm \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  certbot/certbot \
  certonly --manual \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d "*.batsing.com" -d "batsing.com"
What this does: it runs certbot as a Docker container (removed as soon as it exits), with manual DNS validation (dns-01) as the challenge type.
The generated certificate files are here:
/etc/letsencrypt/live/batsing.com/
├── fullchain.pem
├── privkey.pem
├── chain.pem
└── cert.pem
Nginx only needs these two:
ssl_certificate /etc/letsencrypt/live/batsing.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/batsing.com/privkey.pem;
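Before pointing Nginx at the files above, it is worth checking what certbot actually issued. The following POSIX shell script is an added example, not part of the original post or of certbot: it assumes openssl (1.1.1 or newer, for the -ext option) and, for the TXT-record helper, dig on PATH, and it uses the /etc/letsencrypt/live/<domain>/ layout shown above. It verifies that the leaf certificate in fullchain.pem lists both the wildcard and the apex name, that it is still valid for at least 30 days, and that privkey.pem really belongs to it.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a certificate
# issued by the certbot command above before pointing Nginx at it.
# Assumes openssl (1.1.1 or newer, for -ext) and optionally dig on PATH;
# the /etc/letsencrypt/live/<domain>/ layout is the one certbot produced above.

# Print the DNS names the certificate covers (its subjectAltName entries).
# openssl x509 reads only the first certificate in fullchain.pem, i.e. the leaf.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Return 0 if the certificate lists DNS name $2 exactly. A wildcard entry
# "*.batsing.com" does not cover the apex "batsing.com", hence the two -d flags.
cert_covers() {
    cert_sans "$1" | grep -qxF "$2"
}

# Return 0 if the certificate is still valid $2 days from now
# (Let's Encrypt certificates last 90 days; certbot renews with 30 days left).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Return 0 if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || key_pub=""
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Show the TXT records currently published at _acme-challenge.<domain>,
# i.e. what Let's Encrypt's DNS-01 check will see. Run this instead of
# guessing when to press Enter in the certbot prompt. Requires dig.
acme_txt_records() {
    dig +short TXT "_acme-challenge.$1" | tr -d '"'
}

# Run every check against one certbot live directory; return non-zero on failure.
check_live_dir() {
    dir=$1; domain=$2; ok=0
    cert_covers "$dir/fullchain.pem" "*.$domain" || { echo "missing SAN *.$domain"; ok=1; }
    cert_covers "$dir/fullchain.pem" "$domain"   || { echo "missing SAN $domain"; ok=1; }
    cert_valid_for_days "$dir/fullchain.pem" 30  || { echo "expires within 30 days"; ok=1; }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" \
        || { echo "privkey.pem does not match fullchain.pem"; ok=1; }
    return "$ok"
}

# Usage: sh check-cert.sh /etc/letsencrypt/live/batsing.com batsing.com
if [ $# -ge 2 ]; then
    check_live_dir "$1" "$2" && echo "OK: $1 covers $2 and *.$2"
fi
```

Because the command requests two names, certbot prompts for two TXT records, both at the same name _acme-challenge.batsing.com; acme_txt_records batsing.com should show both values before you press Enter, which is a more reliable signal than waiting a fixed ten minutes.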
3. Configuring the SSL certificate in Nginx
ssl.conf-2
ssl_certificate /etc/letsencrypt/live/batsing.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/batsing.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
www.conf
server {
    listen 443 ssl;
    server_name batsing.com www.batsing.com;
    # SSL certificate
    include vhosts/batsing/ssl.conf-2;
    # project root, reverse proxy and other configuration go here
}
# Catch-all HTTP -> HTTPS redirect
server {
    listen 80;
    server_name batsing.com *.batsing.com;
    return 301 https://$host$request_uri;
}
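The ssl_protocols and ssl_ciphers lines in ssl.conf-2 decide which handshakes the server will accept, and they are easy to get subtly wrong: TLSv1.2 alone leaves TLSv1.3 disabled, and an OpenSSL string such as HIGH:!aNULL:!MD5 still allows suites that use RSA key exchange, which have no forward secrecy. The following POSIX shell audit is an added example, not part of the original post or of Nginx: it assumes sed, grep, awk and an openssl binary on PATH and that the snippet lives in a file, reads the two directives, and reports legacy protocols, a missing TLSv1.3, and any non-forward-secret suites the cipher string expands to.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ssl_protocols and
# ssl_ciphers directives of an Nginx TLS snippet such as ssl.conf-2.
# Assumes POSIX sh with sed/grep/awk and an openssl binary on PATH.

# Print the value of the first occurrence of nginx directive $2 in file $1.
nginx_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Return 0 if the space-separated list $1 contains the exact word $2.
list_has() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qxF "$2"
}

# Print one finding per line and return non-zero if any finding was raised.
audit_ssl_conf() {
    protos=$(nginx_directive "$1" ssl_protocols)
    ciphers=$(nginx_directive "$1" ssl_ciphers)
    findings=0

    # Protocol versions with known weaknesses (SSLv3/POODLE, TLS 1.0/1.1
    # deprecated by RFC 8996).
    for p in SSLv2 SSLv3 TLSv1 TLSv1.1; do
        if list_has "$protos" "$p"; then
            echo "legacy protocol enabled: $p"
            findings=$((findings + 1))
        fi
    done
    # TLSv1.3 drops RSA key exchange and CBC suites and needs fewer round trips.
    if ! list_has "$protos" TLSv1.3; then
        echo "TLSv1.3 not enabled (ssl_protocols: $protos)"
        findings=$((findings + 1))
    fi

    # Expand the OpenSSL cipher string the way Nginx will, then inspect the
    # key-exchange column: Kx=RSA means no forward secrecy for that suite.
    expanded=$(openssl ciphers -v "$ciphers" 2>/dev/null) || expanded=""
    if [ -z "$expanded" ]; then
        echo "ssl_ciphers string is empty or rejected by openssl: $ciphers"
        findings=$((findings + 1))
    else
        no_pfs=$(printf '%s\n' "$expanded" | awk '/Kx=RSA/ { print $1 }' | tr '\n' ' ')
        if [ -n "$no_pfs" ]; then
            echo "non-forward-secret suites allowed: $no_pfs"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Usage: sh audit-ssl.sh /etc/nginx/vhosts/batsing/ssl.conf-2
if [ $# -ge 1 ]; then
    audit_ssl_conf "$1" && echo "OK: $1"
fi
```

Run against the ssl.conf-2 above, the audit reports the missing TLSv1.3 and the RSA-key-exchange suites; an ssl_protocols line of "TLSv1.2 TLSv1.3" with an ECDHE-only cipher list passes cleanly. Re-run nginx -t after any change to the snippet.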
4. Automatic renewal on Alibaba Cloud
To be continued. The domain hasn't been transferred to Alibaba Cloud yet; when it has, I'll just paste the following to Yuanbao AI.
docker run -it --rm \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  certbot/certbot \
  certonly --manual \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d "*.batsing.com" -d batsing.com
How do I configure automatic renewal for this on Alibaba Cloud?