注意:acme.sh 默认从之前的Let's Encrypt已更换为 ZeroSSL
cd /root #进入root用户根目录
安装很简单, 一个命令:
curl https://get.acme.sh | sh -s email=my@example.com设置DNSPOD的接口变量ID和token
export DP_Id="1234" export DP_Key="sADDsdasdgdsf"
cd /root/.acme.sh acme.sh --issue --dns dns_dp -d aa.com -d www.aa.com
将生成的证书文件xxx.com.key和 fullchain.cer 拷贝到/etc/nginx/ssl/目录下或者你喜欢的目录下。
修改nginx配置文件:
server {
#listen 80 default;
listen 443 ssl default_server;
server_name www.xxx.com;
client_max_body_size 30M;
if ($host ~ "d+.d+.d+.d") {
return 404;
}
location /robots.txt {
return 200 "User-agent: *
Disallow:";
}
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
real_ip_header CF-Connecting-IP;
#client_max_body_size 50m;
}
ssl_certificate /etc/nginx/ssl/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/www.xxx.com.key;
}
acme.sh --uninstall #卸载命令
The keys and certs are in "/root/.acme.sh", you can remove them by yourself.
密钥和证书在“/root/.acme.sh”中,您可以自行删除它们。
rm -rf /root/.acme.sh #卸载后删除acme.sh脚本目录
本文参考 https://www.rsyncd.net/886.html