nginx acme自动续期

Last updated on June 22, 2026 pm

🧙 Questions

使用acme.sh自动续期

☄️ Ideas

acme.sh安装
yum install -y git

cd /tmp
git clone https://gitee.com/ispong/acme.sh.git
cd /tmp/acme.sh
./acme.sh --install -m ispong@outlook.com
source /root/.acme.sh/acme.sh.env
acme.sh -v
rm -rf /tmp/acme.sh
常用命令

要给nginx提前配置路径

# 安装和启动nginx
yum install -y nginx
nginx

# 配置nginx配置
mkdir -p /var/www/html
mkdir -p /data/nginx/ssl/

# include /etc/nginx/default.d/*.conf;

vim /etc/nginx/nginx.conf
server {
    listen             80;
    listen             [::]:80;
    server_name        rich.isxcode.com;

    # 80端口号外网一定要能访问 
    location /.well-known/acme-challenge/ {
      root /var/www/html;
    }

    ; 先不跳转https,验证通过再跳转 
    ; location / {
    ;     rewrite ^(.*)$ https://${server_name}$1 permanent;
    ; }
}
; 先不跳转https,验证通过再跳转 
server {
    listen          443 ssl;
    listen          [::]:443 ssl;
    server_name     rich.isxcode.com;

    ; 先不跳转https,验证通过再跳转 
    ; ssl_certificate             "/data/nginx/ssl/rich.isxcode.com.pem";
    ; ssl_certificate_key         "/data/nginx/ssl/rich.isxcode.com.key";
    ssl_session_cache           shared:SSL:1m;
    ssl_session_timeout         10m;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;

    location / {
        proxy_pass http://172.20.78.84:3000/;
    }

    error_page 404 /404.html;
    location = /40x.html {

    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {

    }
}
acme.sh --set-default-ca --server letsencrypt
# 申请许可证
acme.sh --issue -d rich.isxcode.com -w /var/www/html
acme.sh --list
# 查看定时器
cat /var/spool/cron/root
重新指向路径
acme.sh --install-cert -d rich.isxcode.com \
--key-file       /data/nginx/ssl/rich.isxcode.com.key \
--fullchain-file /data/nginx/ssl/rich.isxcode.com.pem \
--reloadcmd     "nginx -s reload"
删除许可证
# acme.sh --list
acme.sh --remove -d zhiliuyun.isxcode.com

刷新许可证

acme.sh --renew -d zhiliuyun.isxcode.com --force
acme.sh --renew-all

百度使用域名验证

scp baidu_verify_codeva-H3ewXxGd90.html root@zhihuiyun.isxcode.com:/tmp
server {
    listen          443 ssl;
    listen          [::]:443 ssl;
    server_name     zhiliuyun.isxcode.com;

    ssl_certificate             "/data/nginx/ssl/zhiliuyun.isxcode.com.pem";
    ssl_certificate_key         "/data/nginx/ssl/zhiliuyun.isxcode.com.key";
    ssl_session_cache           shared:SSL:1m;
    ssl_session_timeout         10m;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;

    location / {
        proxy_pass http://172.20.78.84:3000/;
    }

    location = /baidu_verify_codeva-MGVtfMRxj6.html {
        alias /tmp/baidu_verify_codeva-MGVtfMRxj6.html;
    }

    error_page 404 /404.html;
    location = /40x.html {

    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {

    }
}
nginx
nginx acme自动续期
https://ispong.isxcode.com/vue/nginx/nginx acme自动续期/
Author
ispong
Posted on
February 8, 2025
Licensed under