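Register with ZeroSSL
https://app.zerossl.com/signup
Sign-up requires passing Google reCAPTCHA, which does not load for users in mainland China, so registration fails. Workarounds:
Method 1
Use a proxy or VPN
Method 2
Browser extension
Source of this method: https://blog.azurezeng.com/recaptcha-use-in-china/
Install Header Editor from the browser's extension store, then import the configuration
Configuration: https://azurezeng.github.io/static/HE-GoogleRedirect.json
Configuration backup: https://djj45-1304393635.cos.ap-guangzhou.myqcloud.com/blog/HE-GoogleRedirect.json
After registering and logging in, click Develop, then Generate, and note down the eab-kid and eab-hmac-key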
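Install acme.sh
```bash
# Download and run the acme.sh installer
curl https://get.acme.sh | sh

alias acme.sh=~/.acme.sh/acme.sh

# Register the ACME account with ZeroSSL using the EAB credentials noted above
acme.sh --register-account --server zerossl \
    --eab-kid your-eab-kid \
    --eab-hmac-key your-eab-hmac-key
```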
Cloudflare
Get the Zone ID and Account ID
This gives you CF_Account_ID and CF_Zone_ID
Create a custom API token
Once it is created you get CF_Token
Set the environment variables
```bash
export CF_Token="xxxxxxxxxxxxxxxxxx"
export CF_Account_ID="xxxxxxxxxxxxx"
export CF_Zone_ID="xxxxxxxxxxxxxxxx"
```
DNS records
Issue the certificate
```bash
# Quote the wildcard name so the shell does not expand it as a glob
acme.sh --issue --dns dns_cf -d djj45.com -d '*.djj45.com'
```
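Install the certificate
```bash
# Copy the key and full chain to the paths nginx reads, and reload nginx on every renewal
acme.sh --install-cert -d djj45.com \
    --key-file /var/www/ssl/key.pem \
    --fullchain-file /var/www/ssl/cert.pem \
    --reloadcmd "service nginx force-reload"

# List the certificates managed by acme.sh
acme.sh --list
```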
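After `--install-cert` it is worth confirming that the deployed files are the ones nginx should serve: the key is private, it matches the certificate, both the apex and wildcard names are covered, and expiry is not near. The script below is an added example, not part of the original post; the function names are hypothetical and it assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): checks on the files written by
# `acme.sh --install-cert`. Function names are hypothetical; needs OpenSSL 1.1.1+.

# Succeeds if the key file grants no permissions to group or other.
key_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in *00|0) return 0 ;; *) return 1 ;; esac
}

# Succeeds if the leaf certificate and the private key carry the same public key.
pair_matches() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if the leaf certificate lists exactly this DNS name in its SAN extension.
has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# Succeeds if the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_install CERT KEY DOMAIN [MIN_DAYS]: run every check, report each failure.
check_install() {
    local cert="$1" key="$2" domain="$3" days="${4:-14}" rc=0
    key_mode_ok "$key"             || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    pair_matches "$cert" "$key"    || { echo "FAIL: certificate and key do not match"; rc=1; }
    has_san "$cert" "$domain"      || { echo "FAIL: SAN lacks $domain"; rc=1; }
    has_san "$cert" "*.$domain"    || { echo "FAIL: SAN lacks *.$domain"; rc=1; }
    valid_for_days "$cert" "$days" || { echo "FAIL: expires within $days days"; rc=1; }
    return "$rc"
}

# With this page's paths:
#   ./check.sh /var/www/ssl/cert.pem /var/www/ssl/key.pem djj45.com
if [ "$#" -ge 3 ]; then check_install "$@"; fi
```

Running it from the `--reloadcmd` hook or from cron gives an early signal if a renewal deploys a mismatched or soon-to-expire pair.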
Uninstall acme.sh
```bash
acme.sh --uninstall
rm -rf ~/.acme.sh/
```
Nginx configuration
```bash
# Install nginx with the LNMP installer
wget http://soft.vpser.net/lnmp/lnmp1.9.tar.gz -cO lnmp1.9.tar.gz && tar zxf lnmp1.9.tar.gz && cd lnmp1.9 && ./install.sh nginx

# Test the configuration
nginx -t
# Edit the configuration
vim /usr/local/nginx/conf/nginx.conf
# Restart nginx to apply it
service nginx restart
```
```nginx
# Default server: reject requests whose Host matches no configured name
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 403;
}
```
```nginx
# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name djj45.com;
    root /var/www/html;
    index index.html;
    return 301 https://djj45.com$request_uri;
}
```
```nginx
# Main site over HTTPS
server {
    listen 443 ssl;
    server_name djj45.com;
    root /var/www/html;
    index index.html;
    ssl_certificate /var/www/ssl/cert.pem;
    ssl_certificate_key /var/www/ssl/key.pem;
}
```
```nginx
# Subdomain served by a local backend, covered by the wildcard certificate
server {
    listen 443 ssl;
    server_name book.djj45.com;
    ssl_certificate /var/www/ssl/cert.pem;
    ssl_certificate_key /var/www/ssl/key.pem;
    location / {
        proxy_pass http://localhost:8083;
    }
}
```