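Installation environment: CentOS 7
The certificate is requested and signed mainly through acme.sh (a bash script).
Git repository: https://github.com/Neilpang/acme.sh
Certificate application process
1. Request the certificate. acme.sh offers several ways to validate your domain (I use DNS validation here).
① First set your DNS provider's API key (this is the Aliyun configuration; for other providers see the table below).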
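```bash
# dns_ali reads Ali_Key / Ali_Secret (GD_Key / GD_Secret are the GoDaddy names)
# Your DNS provider's API key
export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
# Your DNS provider's API secret
export Ali_Secret="asdfsdafdsfdsfdsfdsfdsafd"
```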
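② Request the wildcard certificate
```bash
# Request the wildcard certificate (the wildcard name is quoted so the shell does not expand the *)
acme.sh --issue --dns dns_ali -d hjrxxkj.com -d '*.hjrxxkj.com'
```
--dns is followed by dns_ plus the DNS provider's short name (I use Aliyun, so dns_ali).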
Provider | Short name | Required API parameters | Where to get the API parameters |
---|---|---|---|
cloudxns | cx | export CX_Key="123456" export CX_Secret="abcdef" | Click to visit |
dnspod (mainland China edition) | dp | export DP_Id="123456" export DP_Key="abcdef" | Click to visit |
aliyun | ali | export Ali_Key="123456" export Ali_Secret="abcdef" | Click to visit |
cloudflare | cf | export CF_Key="123456" export CF_Email="abc@example.com" | Click to visit |
linode | linode | export LINODE_API_KEY="123456" | Click to visit |
he | he | export HE_Username="username" export HE_Password="password" | Your he username and password |
digitalocean | dgon | export DO_API_KEY="123456" | Click to visit |
namesilo | namesilo | export Namesilo_Key="123456" | Click to visit |
aws | aws | export AWS_ACCESS_KEY_ID=123456 export AWS_SECRET_ACCESS_KEY=abcdef | Click to visit |
namecom | namecom | export Namecom_Username="username" export Namecom_Token="123456" | Click to visit |
freedns | freedns | export FREEDNS_User="username" export FREEDNS_Password="password" | Your freedns username and password |
godaddy | gd | export GD_Key="123456" export GD_Secret="abcdef" | Click to visit |
2. Install the certificate
```bash
acme.sh --install-cert -d hjrxxkj.com \
  --cert-file /usr/local/nginx/conf/cert/hjrxxkj.com.cer \
  --key-file /usr/local/nginx/conf/cert/hjrxxkj.com.key \
  --fullchain-file /usr/local/nginx/conf/cert/hjrxxkj.com.fullchain.cer \
  --reloadcmd "service nginx restart"
```
3. Configure the certificate on your server (apache, nginx, etc.; mine is Nginx)
```nginx
server {
    # TLS is enabled on the listen directive (the older "ssl on;" directive is deprecated)
    listen 443 ssl;
    server_name api.hjrxxkj.com;
    root /home/www/anran/client/web;
    index index.html index.htm index.php;

    location / {
        root /home/www/default;
        index index.html index.htm index.php;
    }

    include enable-php.conf;

    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php;
    }

    # Serve the full chain (leaf + intermediates) written by --fullchain-file
    ssl_certificate /usr/local/nginx/conf/cert/hjrxxkj.com.fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/cert/hjrxxkj.com.key;
    ssl_session_timeout 1d;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets on;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # resolver 114.114.114.114 valid=300s;
    # resolver_timeout 10s;
}
```
4. Restart your server, and then you can use HTTPS!
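A config lint for the TLS directives used in step 3, as an added example that is not part of the original post: it flags the deprecated `ssl on` directive, TLS 1.0/1.1 in `ssl_protocols`, 3DES and static-RSA entries in `ssl_ciphers`, and an `ssl_certificate` file that lacks the intermediate chain. The function names `audit_tls_conf` and `demo`, the finding labels and the sample config are constructed for illustration.

```sh
# Added example: lint an nginx TLS server block. Prints one finding per line.
audit_tls_conf() {
    # Drop comments, then split on ';' so a one-line config is handled too.
    body=$(sed 's/#.*$//' "$1" | tr ';' '\n')

    # "ssl on" is deprecated in favour of "listen 443 ssl".
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*$'; then
        echo "ssl-on: use 'listen 443 ssl' instead"
    fi

    # TLS 1.0/1.1 are deprecated (RFC 8996); SSLv2/v3 are broken.
    protos=$(printf '%s\n' "$body" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' || true)
    for p in $protos; do
        case "$p" in SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak-protocol: $p" ;; esac
    done

    # Walk the colon-separated cipher string; "!" entries are exclusions.
    printf '%s\n' "$body" | sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]][[:space:]]*//p' |
        tr ':' '\n' | while read -r c; do
            case "$c" in
                '!'*|'') ;;
                *3DES*|*RC4*|*MD5*) echo "weak-cipher: $c" ;;
                RSA+*) echo "no-forward-secrecy: $c" ;;   # admits static RSA key exchange
            esac
        done

    # Without intermediates some clients cannot build the chain; a full-chain file holds >= 2 PEM certs.
    cert=$(printf '%s\n' "$body" | awk '$1 == "ssl_certificate" { print $2; exit }')
    if [ -n "$cert" ] && [ -r "$cert" ]; then
        n=$(grep -c 'BEGIN CERTIFICATE' "$cert" || true)
        [ "$n" -ge 2 ] || echo "leaf-only: $n certificate(s) in $cert"
    fi
}

# Constructed sample input (temporary paths, shortened cipher list).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$tmp/leaf.cer"
    cat > "$tmp/site.conf" <<EOF
server { listen 443; ssl on;
    ssl_certificate $tmp/leaf.cer;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+3DES:!MD5;
    # ssl_stapling on;
}
EOF
    audit_tls_conf "$tmp/site.conf"
    rm -rf "$tmp"
}
demo
```

To check a real file, call `audit_tls_conf` with the path to your nginx configuration; empty output means none of the four checks fired.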
Result after installing the certificate: