证书申请
发表更新linux / ssl3 分钟读完 (大约473个字)0次访问

证书申请

acme 申请证书

https://github.com/acmesh-official/acme.sh/wiki/dnsapi

自动 api 申请

1
2
3
apt install socat -y
curl https://get.acme.sh | sh
source ~/.bashrc
1
2
3
cd .acme.sh
export CF_Key="22d99405be4xxxxxxxx"
export CF_Email="xxxxxxxxxx"

CF_KeyCF_EmailCF_TokenCF_Account_ID 将被保存 ~/.acme.sh/account.conf ,需要时会被重用。

1
2
3
4
签发普通 RSA 证书
acme.sh --issue --dns dns_cf -d xxx.com -d *.xxx.com
签发 ECC 证书
acme.sh --issue --dns dns_cf --keylength ec-256 -d xxx.com -d *.xxx.com

现在证书,私钥都可以在 /root/.acme.sh/*.你的域名.com 目录查看了。

安装证书

1
2
3
acme.sh --installcert -d xxx.com --ecc --key-file /etc/nginx/ssl/xxx.com.key \
--fullchain-file /etc/nginx/ssl/xxx.com.cer \
--reloadcmd "service nginx force-reload"

取消证书

1
acme.sh --revoke -d xxx.com --ecc

手动 dns 验证申请

申请

1
2
acme.sh --issue -d xxx.ml --dns \
 --yes-I-know-dns-manual-mode-enough-go-ahead-please

验证 txt 信息

1
2
nslookup -qt=txt _acme-challenge.xxx.com
dig _acme-challenge.xxx.com txt @101.6.6.6 -p 5353 +short

续订

1
2
acme.sh --renew -d xxx.com \
  --yes-I-know-dns-manual-mode-enough-go-ahead-please

查询证书信息

https://www.ssllabs.com/ssltest/analyze.html

nginx 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
server {
  listen 80;
  server_name harlon.me;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl reuseport;
  server_name harlon.me;
  root /var/www/blog;
    
  ssl_certificate /etc/nginx/ssl/harlon.me.cer;
  ssl_certificate_key /etc/nginx/ssl/harlon.me.key;
    
  ssl_protocols TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers TLS13+AESGCM+AES128:TLS13+AESGCM+AES256:TLS13+CHACHA20:EECDH+ECDSA+AESGCM+AES128:EECDH+ECDSA+CHACHA20:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:EECDH+aRSA+AESGCM+AES128:EECDH+aRSA+CHACHA20:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES;
  ssl_session_timeout 10m;
  ssl_session_cache shared:le_nginx_SSL:10m;
  ssl_buffer_size 1400;
	
  access_log  /var/log/nginx/blog_access.log;
  error_log   /var/log/nginx/blog_error.log;
  error_page 404 =  /404.html;

  location ~* ^.+\.(ico|gif|jpg|jpeg|png)$ {
  root /var/www/blog;
  access_log   off;
  expires      1d;
  }

  location ~* ^.+\.(css|js|txt|xml|swf|wav)$ {
  root /var/www/blog;
  access_log   off;
  expires      10m;
  }

  location / {
      root /var/www/blog;
      if (-f $request_filename) {
      rewrite ^/(.*)$  /$1 break;
      }
  }

  location /nginx_status {
      stub_status on;
      access_log off;
  }

}

满分作文生成网站 nginxconfig.io

#
忙忙忙

目录

链接

分类

最新文章

归档

标签

MTProxy1
N11
Navigation1
adguardhome2
bash1
bbr2
bench2
ccaa1
cf1
chocolatey1
chrome1
cmder1
command1
dns1
docker2
domains1
esxi2
filebrowser1
firewalld1
gwd1
hexo3
iptables1
keyboard1
lede1
linshi1
mtu1
music1
nginx2
nodejs1
package1
port1
redmi1
rss1
rssbot1
scoop1
script1
servercat1
shadowsocks-libev1
software2
ssh1
ssl1
time1
ufw1
vnstat1
vp91
vps3
wordpress1
youtube-dl1
编码1
×