nginx ssl

🧙 Questions

• 使用freessl配置ssl
• 使用阿里云配置ssl

☄️ Ideas

使用freessl配置ssl

• https://freessl.cn/

登录账号，输入域名 isxcode.com，选择品牌

配置域名认证

校验

通过certbot安装

默认下载路径 /etc/letsencrypt/archive/isxcode.com/
NOTE:
命令中取消 www.isxcode.com

sudo yum install -y certbot
sudo pip uninstall urllib3
sudo pip install urllib3==1.21.1
sudo pip install --upgrade --force-reinstall 'requests==2.6.0'
sudo certbot certonly --manual -d isxcode.com --server https://acme.freessl.cn/v2/DV90/directory/b2s82ileo16ty8uzgg8k
sudo chown -R ispong:ispong /etc/letsencrypt/archive/

将密钥文件复制到指定路径

cp /etc/letsencrypt/archive/isxcode.com/fullchain1.pem /data/ssl/isxcode.com/full_chain.pem
cp /etc/letsencrypt/archive/isxcode.com/privkey1.pem /data/ssl/isxcode.com/private.key

配置nginx.conf

vim /etc/nginx/nginx.conf

http {
    server {
        listen             80;
        server_name        isxcode.com;
        rewrite ^(.*)$ https://${server_name}$1 permanent;
    }

    server {
        listen              443 ssl;
        server_name         isxcode.com;
        ssl_certificate     /data/ssl/isxcode.com/full_chain.pem;
        ssl_certificate_key /data/ssl/isxcode.com/private.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        location / {
            root   /usr/share/nginx/html/blog/public/;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
        }
    }
}

手动续约

sudo certbot renew --dry-run

使用阿里云配置ssl

创建证书

🔗 Links

• nginx website
• freessl generate
• freessl