购买免费证书
购买之后
申请证书
该域名必须添加一条TXT记录
根据提示添加记录
下载证书
我用的nginx做的映射,所以下载nginx
nginx安装自行百度
将下载的文件解压到nginx目录下(创建一个cert目录)
添加配置
server {
listen 443 ssl;
server_name www.xsport.site; #你的域名
ssl_certificate /usr/local/nginx/cert/2780413_www.xsport.site.pem; #改成你的证书的名字
ssl_certificate_key /usr/local/nginx/cert/2780413_www.xsport.site.key; #你的证书的名字
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /usr/local/nginx/nginx.log;
error_page 500 502 503 504 /50x.html;
error_page 404 /404.html;
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.xsport.site;
return 301 https://$host$request_uri;# 用于转发http到https
}
如果报错,报 nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/con.d/xxx.conf:38
进入Nginx安装目录:
cd /usr/local/java/nginx-1.17.3
./configure --with-http_ssl_module
make
备份原nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak,然后输入Y
覆盖旧的:cp /usr/local/java/nginx-1.17.3/objs/nginx /usr/local/nginx/sbin/nginx
直接reload重启,可能没启动成功443的监听
建议先关闭nginx,再启动
如果报 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
查看端口
netstat -ntlp
kill掉使用80端口的pid
启动 nginx
访问
记得开放443端口