域名使用的dnspod, dnspod在安全设置中可以开通API TOKEN,获得ID,Token
curl https://get.acme.sh | sh
cd /.acme.sh
export DP_Id="7xxx5"
export DP_Key="fbbb7e86xxxxxxxxxxx89791f4f2e78"
./acme.sh --issue --dns dns_dp -d *.safecode.cc --debug
执行结束,可以看到生成的证书
[Tue Nov 6 09:29:27 UTC 2018] Your cert is in /root/.acme.sh/*.safecode.cc/*.safecode.cc.cer
[Tue Nov 6 09:29:27 UTC 2018] Your cert key is in /root/.acme.sh/*.safecode.cc/*.safecode.cc.key
[Tue Nov 6 09:29:27 UTC 2018] v2 chain.
[Tue Nov 6 09:29:27 UTC 2018] The intermediate CA cert is in /root/.acme.sh/*.safecode.cc/ca.cer
[Tue Nov 6 09:29:27 UTC 2018] And the full chain certs is there: /root/.acme.sh/*.safecode.cc/fullchain.cer
[Tue Nov 6 09:29:27 UTC 2018] _on_issue_success
更新Nginx配置
server {
listen 80;
server_name www.safecode.cc;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
ssl on;
ssl_certificate /root/.acme.sh/*.safecode.cc/*.safecode.cc.cer;
#ssl_certificate /etc/letsencrypt/live/www.safecode.cc/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/www.safecode.cc/privkey.pem;
ssl_certificate_key /root/.acme.sh/*.safecode.cc/*.safecode.cc.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
server_name www.safecode.cc;
index index.html index.htm index.php default.html default.htm default.php;
root /usr/share/nginx/html;
location ~* \.php$ {
fastcgi_pass unix:/run/php-fpm/fpm-www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
网友评论