:(用的)
https://www.coderecord.cn/lets-encrypt-wildcard-certificates.html :acme.sh
vim .acme.sh/account.conf
SAVED_GD_Key='************************************'
SAVED_GD_Secret='***********************************'
根据个人情况设定域名商
./.acme.sh/acme.sh --issue -d sensen.com -d *.sensen.com --dns dns_gd
acme.sh --installcert -d sensen.com -d *.sensen.com --keypath /etc/nginx/ssl/jwsmed.com.key --fullchainpat /etc/nginx/ssl/fullchain.cer --reloadcmd "systemctl restart nginx"
原理:前端为SLB 后端devs.sensen.com 配置nginx做分发; 监听443和80端口,用nginx代理其它需要证书服务器
nginx配置
ssl.conf (通配)
ssl_certificate /etc/nginx/ssl/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/sensen.com.key;
https.conf
ssl_certificate /etc/nginx/ssl/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/luoluo.com.key;
server {
listen 80;
server_name *.luoluo.com luoluo.com;
rewrite ^ https://$http_host$request_uri? permanent;
}