lets encrypt 申请nginx 泛域名

1. 安装certbot工具
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
2. 申请通配符域名
./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.partyun.com" --manual --preferred-challenges dns-01 certonly

备注:会有提示需要进行txt 记录的添加,生成证书在/etc/letsencrypt/live目录下
3. 配置证书(泛域名)
参考:
server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  *.partyun.com;
        root         /usr/share/nginx/html;
        ssl_certificate /etc/letsencrypt/live/partyun.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/partyun.com/privkey.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
          index index.html index.htm;
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
4. 测试
 
5. 参考资料
https://github.com/certbot/certbot
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

posted on 2018-03-16 10:30  荣锋亮  阅读(922)  评论(2编辑  收藏  举报

导航