Skip to content
logo
Wiki
LatestTwitterBlog
About
NewsletterNowAboutGithubSource Code
Recently Updated
04-07: Everything I Know by Owen
04-06: About Me and the Wiki
04-06: What I’m doing now?
03-24: 所思所想
03-22: Awesome Open Source
03-22: Awesome Static Site Generator
03-22: 2022 Goals
03-22: 探索互联网上高质量的内容
03-22: 最好用的工具集合
03-20: Awesome Chat
03-19: 收集英语学习工具
03-19: 2022年的一些记录
03-19: 收集发人深省的话
03-18: 读书笔记
03-18: 2022年读书笔记

Tags

API (2)
Actions (1)
Admin (1)
Algorithm (1)
Alternatives (1)
Answer (1)
Application (1)
Approvals (1)
Articles (1)
Ask (1)
Auth (3)
Automations (1)
Awesome (77)
BBR (1)
BT (2)
Bash (3)
Benchmark (1)
Books (3)
Browser (1)
CSS (2)
Caddy (1)
CentOS (1)
Chat (1)
China (1)
Code (1)
Command (1)
Commands (1)
Communities (1)
Comparison (1)
DDos (1)
Dashboard (1)
Data (1)
Database (1)
Date (1)
Debian (10)
Decentralization (1)
Deno (2)
Development-Environment (1)
Docker (2)
Downloads (2)
Editors (3)
Email (1)
English (1)
Explore (1)
Extensions (1)
FAQ (2)
Files (4)
Flutter (1)
Following (1)
Free (1)
Front-End (2)
Frontend (1)
Git (4)
Github (1)
Go (1)
HTTPS (1)
在中国自动生成免费HTTPS证书的最佳方案
Home (1)
House (1)
ID (1)
Indexes (1)
Inspires (1)
Interview (1)
Investing (1)
JSOn (1)
Jackett (2)
Javascript (5)
Jellyfin (1)
Jobs (1)
Jokes (1)
Journal (3)
KOL (1)
Language (1)
Learning (3)
License (1)
Life (2)
Linux (3)
List (3)
Log (1)
Low-Code (1)
MacOS (1)
Makefile - Templates - Workflows (1)
Maker (1)
Mastdon (1)
Me (4)
Medias (9)
Metube (1)
Mirrors (1)
Monitor (1)
Monorepo (1)
Movies (2)
Music (1)
NSFW (1)
Netdata (1)
Netwok (1)
News (1)
Nginx (1)
Notes (5)
Now (1)
Open Source (1)
PHP (1)
Peertube (1)
People (1)
Postgres (2)
Postgresql (1)
Privacy (1)
Products (1)
Programming-Languages (3)
Projects (1)
Protocol (1)
Proxies (5)
Quotes (2)
RSS (1)
Radarr (1)
Rclone (1)
Recommend (1)
Resource (1)
Ruby (1)
Rust (4)
SEO (1)
SSH (1)
SSL (1)
在中国自动生成免费HTTPS证书的最佳方案
SVG (1)
Satire (1)
Schema (1)
Self-Hosted (8)
Semantic (1)
Server (6)
Serverless (1)
Service (1)
Setup (20)
Shadowsocks (1)
Social (3)
Sonarr (1)
Sources (1)
Speed (1)
Standard (1)
Startups (1)
Static-Site-Generator (1)
Stocks (2)
Stop (1)
Subtitles (2)
Swift (1)
TV (3)
Tech (1)
Templates (3)
Things (1)
Thinking (1)
Tips (14)
Todo (3)
Tools (10)
Torrents (2)
Travel (1)
Trends (1)
Tweet (1)
UI (1)
URL (1)
VS Code (1)
Vim (1)
Wikipedia (1)
Windows (1)
Wish (1)
Workflows (3)
Writing (1)
Year2021 (2)
Year2022 (2)
Youtube (1)
depression (1)
mac (1)
qBittorrent (1)
setup (1)
中文 (18)
冷知识 (1)

在中国自动生成免费HTTPS证书的最佳方案

Certbot 自动生成 Lets encrypt 的方案已经被墙了,经过各种尝试之后,发现基于 amce.sh+cloudflare 的 dns 解析是最方便无痛的.

  1. 下载 acme 工具:

    # 用root用户权限,因为涉及到操作nginx
     sudo su
     wget -O -  https://get.acme.sh | sh -s email=my@example.com

  2. 域名在 Cloudflare 解析

  3. 在某个域名的 dashboard 面板右侧找到 Account ID, 记录下备用。

  4. 进入https://dash.cloudflare.com/profile/api-tokens,生成一个 API Token,选择Edit Zone 模版,Zone Resources 选择 All Zones,生成,  把以下的信息保存到 ~/.bashrc

    export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
    export CF_Account_ID="xxxxxxxxxxxxx"
    source ~/.bashrc

    如果有什么不清楚的,可以参考文档: https://github.com/acmesh-official/acme.sh/wiki/dnsapi

  5. 签发证书,运行 acme.sh --issue --dns dns_cf -d example.com --server letsencrypt

  6. 安装证书到指定目录:

acme.sh --install-cert -d example.com \
--key-file       /etc/nginx/ssl/example.com.key  \
--fullchain-file /etc/nginx/ssl/example.com.crt \
--reloadcmd     "service nginx force-reload"

之后 acme 会自动添加 cron 任务,自动续期期限

  1. nginx 配置参考

可以在这里 在线生成一份合适的 ssl 配置

生成后,首次需要初始化 Diffie-Hellman keys:openssl dhparam -out /etc/nginx/dhparam.pem 2048

然后运行 sudo nginx -t && sudo systemctl reload nginx

Tags

Edit this page
Last updated on 11/20/2021