0. Download and install

```bash
# Install acme.sh, then link it onto the PATH
curl https://get.acme.sh | sh -s [email protected]
ln -s /root/.acme.sh/acme.sh /usr/bin/
```
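1. nginx configuration: be sure to add the following lines to the configuration file for the server_name of the domain you are requesting a certificate for.

```nginx
location ~ \.well-known{
    allow all;
}
```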
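2. Make sure the domain resolves to the IP of the server that is requesting the certificate, and that the nginx service is running.
The argument after -w is the web root directory for the domain; that directory must contain a .well-known directory.

```bash
mkdir /usr/share/nginx/html/.well-known
acme.sh --issue -d a.com -d b.com -d n.com -w /usr/share/nginx/html
```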
3. The domain certificate is then generated.

The paths are: /root/.acme.sh/domain/fullchain.cer and domain.key
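4. Configure the certificate in nginx.

```nginx
ssl_certificate conf/key/domain/fullchain.cer;
ssl_certificate_key conf/key/domain/domain.com.key;
# TLSv1.1 is deprecated (RFC 8996); keep it only if legacy clients require it
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
```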
5. Forward certificate validation requests to a central certificate-issuing server.

Forwarding with Nginx:

```nginx
server_name aaa.hello.com;
......
location ~ \.well-known{
    proxy_pass http://your-cert-server;
    allow all;
}
```
Forwarding with Apache:

```apache
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/.well-known/
    # The [P] flag proxies the request and requires mod_proxy to be enabled
    RewriteRule ^(.*)$ http://your-cert-server/$1 [P]
</VirtualHost>
```
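The `location ~ \.well-known` rule used in steps 1 and 5 is an unanchored regex, so its `allow all` (and, in step 5, the proxy) applies to any URI that contains `.well-known`, while HTTP-01 validation only needs `/.well-known/acme-challenge/`. The shell check below is an added example, not part of the original post; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Flags ".well-known" location
# rules that are wider than the ACME HTTP-01 path /.well-known/acme-challenge/.

classify_location() {
    # $1: one line of nginx config. Prints: scoped | broad | n/a
    line=$(printf '%s' "$1" | tr -d '\\' | tr -s '[:blank:]' ' ')
    case "$line" in
        *location*.well-known*) ;;
        *) echo "n/a"; return 0 ;;
    esac
    case "$line" in
        *"location ^~ /.well-known/acme-challenge/"* | \
        *"location ~ ^/.well-known/acme-challenge/"* | \
        *"location /.well-known/acme-challenge/"*) echo scoped ;;
        *) echo broad ;;   # e.g. unanchored regex: matches the string anywhere in the URI
    esac
}

audit_config() {
    # $1: config file. Prints "<line>: <verdict>: <text>"; returns 1 if any rule is broad.
    rc=0; n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        v=$(classify_location "$l")
        if [ "$v" != "n/a" ]; then
            printf '%s: %s: %s\n' "$n" "$v" "$l"
            if [ "$v" = broad ]; then rc=1; fi
        fi
    done < "$1"
    return "$rc"
}

sample_config() {
    # Constructed sample: line 2 is the rule from this page, line 6 a scoped form.
    cat <<'EOF'
server_name aaa.hello.com;
location ~ \.well-known{
    proxy_pass http://your-cert-server;
    allow all;
}
location ^~ /.well-known/acme-challenge/ {
    root /usr/share/nginx/html;
}
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_config "$tmp" || echo "at least one .well-known rule is broader than the challenge path"
rm -f "$tmp"
```

Point `audit_config` at a real server block file to list its `.well-known` rules; a non-zero exit status means at least one of them should be narrowed to the challenge directory.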