-
Nginx服务器安装证书并启用SSL(acme.sh)
前提
- 您已购置vps服务器,例如阿里云全球站ecs、AWS EC2、Azure VM、GCP Compute等
- 安全组已开启80、443端口,且访问源设置为0.0.0.0/0
- 域名已设置A记录指向当前操作服务器,若您使用aws ec2,有公有 IPv4 DNS,可供使用
安装Acme.sh并申请证书Step-By-Step
Ubuntu—EasyWay
cat >> install-CA.sh << EOF #!/bin/bash rm -rf /etc/nginx/cert/ && mkdir /etc/nginx/cert/ read -p "Enter your domain: " domain rootDomain=\`echo $domain|cut -d '.' -f2-\` apt -y install wget unzip socat curl https://get.acme.sh | sh rm -rf /usr/local/bin/acme.sh ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh acme.sh --register-account -m admin@$rootDomain acme.sh --issue -d ${domain} --standalone -k ec-256 cp /root/.acme.sh/${domain}_ecc/fullchain.cer /etc/nginx/cert/server.cert cp /root/.acme.sh/${domain}_ecc/${domain}.key /etc/nginx/cert/server.key acme.sh --installcert -d ${domain} --ecc --key-file /etc/nginx/cert/server.key --fullchain-file /etc/nginx/cert/server.cert systemctl start nginx EOF- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
CentOS—EasyWay
cat >> install-CA.sh << EOF #!/bin/bash rm -rf /etc/nginx/cert/ && mkdir /etc/nginx/cert/ read -p "Enter your domain: " domain rootDomain=\`echo $domain|cut -d '.' -f2-\` yum -y install wget unzip socat curl https://get.acme.sh | sh rm -rf /usr/bin/acme.sh ln -s /root/.acme.sh/acme.sh /usr/bin/acme.sh acme.sh --register-account -m admin@$rootDomain acme.sh --issue -d ${domain} --standalone -k ec-256 cp /root/.acme.sh/${domain}_ecc/fullchain.cer /etc/nginx/cert/server.cert cp /root/.acme.sh/${domain}_ecc/${domain}.key /etc/nginx/cert/server.key acme.sh --installcert -d ${domain} --ecc --key-file /etc/nginx/cert/server.key --fullchain-file /etc/nginx/cert/server.cert systemctl start nginx EOF- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
nginx配置设置—以centos为例
修改nginx.conf的内容
取消Settings for a TLS enabled server下的注释内容
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name YourDomain; root /usr/share/nginx/html; ssl_certificate "/etc/nginx/cert/server.cert"; ssl_certificate_key "/etc/nginx/cert/server.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers DEFAULT; # This is default SSL_ciphers setting,if you get error,you can change it like me,set DEFAULT #ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
Trouble Shooting
SSL_CTX_set_cipher_list:no cipher match
报错信息
[emerg] 11926#11926: SSL_CTX_set_cipher_list("PROFILE=SYSTEM") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)- 1
Solution
将nginx.config默认的ssl_ciphers PROFILE=SYSTEM;设置为ssl_ciphers DEFAULT;
重启nginx即可 -
相关阅读:
【无标题】
【限免】短时傅里叶变换时频分析【附MATLAB代码】
百万消息量IM系统技术要点分享
怎样才能让百度搜索到自己的博客?--九五小庞
element 表格气泡是如何实现的
图像分割笔记(二): 使用YOLOv5-Seg对图像进行分割检测完整版(从自定义数据集到测试验证的完整流程))
【1day】用友时空KSOA平台 unitid接口SQL注入漏洞学习
LuatOS-SOC接口文档(air780E)-- gpio - GPIO操作
SQL_ERROR_INFO: “Duplicate entry ‘9003‘ for key ‘examination_info.exam_id‘“
2020美亚个人赛复盘
- 原文地址:https://blog.csdn.net/fly1574/article/details/134175679
