Generate an SSL certificate and configure it in nginx
1. Install the certificate tool
apt-get update
apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot python3-certbot-nginx
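2. Generate the certificate
First create an A record at Xinnet (新网) that binds the domain to the server.
Generate the certificate with this command: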
certbot certonly --preferred-challenges dns -d test.test.com --register-unsafely-without-email --manual
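When certbot prompts for the DNS challenge, go back to Xinnet and add the TXT record it asks for.
After saving the record, press Enter and the certificate is issued.
Location: under /etc/letsencrypt/live/test.test.com
Certificate generation is complete.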
3. Configure nginx
Install nginx
apt-get install nginx
Edit the configuration file
vim /etc/nginx/nginx.conf
server {
    listen 443 ssl;
    server_name test.test.com;
    # Use the symlinks in live/; certbot repoints them at every renewal
    ssl_certificate "/etc/letsencrypt/live/test.test.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/test.test.com/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    #ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;
    default_type application/wasm;
    location / {
        # CORS and cross-origin isolation headers
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Cross-Origin-Opener-Policy' 'same-origin';
        add_header 'Cross-Origin-Embedder-Policy' 'require-corp';
        add_header 'Cache-Control' 'max-age=120';
        index index.html index.htm;
    }
}
nginx -s reload
The certificate is now configured.
The certificate can be renewed automatically: start the timer service and enable it at boot.
systemctl start certbot.timer
systemctl enable certbot.timer
After a renewal, however, the nginx configuration has to be reloaded:
nginx -s reload
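One way to run that reload automatically after each renewal is a certbot deploy hook. This is an added example, not part of the original post: the directory /etc/letsencrypt/renewal-hooks/deploy/ and the RENEWED_LINEAGE variable are certbot's, while the file name reload-nginx.sh and the NGINX override variable are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post): certbot deploy hook.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh (chmod +x).
# certbot runs deploy hooks only after a certificate was actually renewed and
# exports RENEWED_LINEAGE, e.g. /etc/letsencrypt/live/test.test.com.

NGINX="${NGINX:-nginx}"   # hypothetical override, lets the logic run against a stub

# Return 0 if the renewed lineage holds a readable certificate chain and key.
lineage_ok() {
    [ -r "$1/fullchain.pem" ] && [ -r "$1/privkey.pem" ]
}

# Test the configuration first and reload only if it parses, so a broken
# config never replaces the running one.
# Returns 0 on reload, 1 if files are missing, 2 if nginx -t fails, 3 if reload fails.
reload_nginx() {
    lineage="$1"
    if ! lineage_ok "$lineage"; then
        echo "deploy-hook: fullchain.pem/privkey.pem missing in $lineage" >&2
        return 1
    fi
    if ! "$NGINX" -t >/dev/null 2>&1; then
        echo "deploy-hook: nginx -t failed, keeping the running configuration" >&2
        return 2
    fi
    "$NGINX" -s reload || return 3
    echo "deploy-hook: nginx reloaded for $lineage"
}

# Act only when invoked by certbot, which sets RENEWED_LINEAGE for deploy hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_nginx "$RENEWED_LINEAGE"
fi
```

A certificate issued with --manual, as above, is renewed unattended only when the renewal also has a --manual-auth-hook (or a DNS plugin) to publish the TXT record.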