本文已废弃

参考链接

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
mkdir /var/www/acme

git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install --home /var/www/acme
cd /var/www/acme

## 以 DNSPod 为例
export DP_Id="xxxxx"
export DP_Key="xxxxxxxxxxxxxxx"

./acme.sh --issue --dns dns_dp -d xxx.com -d "*.xxx.com" --certhome /var/www/acme

## 将生成的证书文件配置后重启服务即可
sudo systemctl reload nginx

自动更新脚本

编辑脚本 /var/www/acme/renew_cert.sh

1
2
3
4
5
6
7
8
9
10
11
#!/bin/bash

__DIR__=`cd "$(dirname "$0")"; pwd`
cd "${__DIR__}"

export DP_Id="xxxxx"
export DP_Key="xxxxxxxxxxxxxxx"

./acme.sh --issue --dns dns_dp -d xxx.com -d "*.xxx.com" --certhome /var/www/acme --force

sudo systemctl reload nginx

root 用户运行 crontab -e

1
0 0 1 * * /var/www/acme/renew_cert.sh

Nginx 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
server {
    #######################
    listen 443;
    listen [::]:443;
    
    ssl on;
    ssl_certificate     /var/www/acme/xxx.com/fullchain.cer;
    ssl_certificate_key /var/www/acme/xxx.com/xxx.com.key;
    #######################

    root /var/www/xxx.com;
    index index.html index.htm;

    server_name xxx.com www.xxx.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}

server {
    listen 80;
    server_name xxx.com www.xxx.com;

    location / {
        rewrite ^/(.*)$ https://$server_name/$1 permanent;
    }
}