Nginx服务器安装证书并启用SSL(acme.sh)-Toy模板网

这篇具有很好参考价值的文章主要介绍了Nginx服务器安装证书并启用SSL(acme.sh)。希望对大家有所帮助。如果存在错误或未考虑完全的地方，请大家不吝赐教，您也可以点击"举报违法"按钮提交疑问。

前提

您已购置vps服务器，例如阿里云全球站ecs、AWS EC2、Azure VM、GCP Compute等
安全组已开启80、443端口，且访问源设置为0.0.0.0/0
域名已设置A记录指向当前操作服务器，若您使用aws ec2，有公有 IPv4 DNS，可供使用

安装Acme.sh并申请证书Step-By-Step

Ubuntu—EasyWay

cat >> install-CA.sh << EOF
#!/bin/bash
rm -rf /etc/nginx/cert/ && mkdir /etc/nginx/cert/
read -p "Enter your domain: " domain
rootDomain=\`echo $domain|cut -d '.' -f2-\`
apt -y install wget unzip socat
curl https://get.acme.sh | sh
rm -rf /usr/local/bin/acme.sh
ln -s  /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
acme.sh --register-account -m admin@$rootDomain
acme.sh  --issue -d ${domain}  --standalone -k ec-256
cp /root/.acme.sh/${domain}_ecc/fullchain.cer /etc/nginx/cert/server.cert
cp /root/.acme.sh/${domain}_ecc/${domain}.key /etc/nginx/cert/server.key
acme.sh --installcert -d ${domain} --ecc  --key-file   /etc/nginx/cert/server.key   --fullchain-file /etc/nginx/cert/server.cert
systemctl start nginx
EOF

CentOS—EasyWay

cat >> install-CA.sh << EOF
#!/bin/bash
rm -rf /etc/nginx/cert/ && mkdir /etc/nginx/cert/
read -p "Enter your domain: " domain
rootDomain=\`echo $domain|cut -d '.' -f2-\`
yum -y install wget unzip socat
curl https://get.acme.sh | sh
rm -rf /usr/bin/acme.sh
ln -s  /root/.acme.sh/acme.sh /usr/bin/acme.sh
acme.sh --register-account -m admin@$rootDomain
acme.sh  --issue -d ${domain}  --standalone -k ec-256
cp /root/.acme.sh/${domain}_ecc/fullchain.cer /etc/nginx/cert/server.cert
cp /root/.acme.sh/${domain}_ecc/${domain}.key /etc/nginx/cert/server.key
acme.sh --installcert -d ${domain} --ecc  --key-file   /etc/nginx/cert/server.key   --fullchain-file /etc/nginx/cert/server.cert
systemctl start nginx
EOF

nginx配置设置—以centos为例

修改nginx.conf的内容

取消Settings for a TLS enabled server下的注释内容

    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  YourDomain;
        root         /usr/share/nginx/html;

        ssl_certificate "/etc/nginx/cert/server.cert";
        ssl_certificate_key "/etc/nginx/cert/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers DEFAULT;
        # This is default SSL_ciphers setting,if you get error,you can change it like me,set DEFAULT
        #ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on; 

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
            location = /40x.html {
        }   

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }   
    }

failed (ssl: error:1410d0b9:ssl routines:ssl_ctx_set_cipher_list:no cipher m,Linux操作合集,Ubuntu,AWS,nginx,服务器,ssl,CA证书

Trouble Shooting

SSL_CTX_set_cipher_list:no cipher match

报错信息

[emerg] 11926#11926: SSL_CTX_set_cipher_list("PROFILE=SYSTEM") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)

Solution

将nginx.config默认的ssl_ciphers PROFILE=SYSTEM;设置为ssl_ciphers DEFAULT;
重启nginx即可文章来源地址https://www.toymoban.com/news/detail-783403.html

到了这里，关于Nginx服务器安装证书并启用SSL(acme.sh)的文章就介绍完了。如果您还想了解更多内容，请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章，希望大家以后多多支持TOY模板网！

Nginx服务器安装证书并启用SSL(acme.sh)

前提

安装Acme.sh并申请证书Step-By-Step

Ubuntu—EasyWay

CentOS—EasyWay

nginx配置设置—以centos为例

修改nginx.conf的内容

Trouble Shooting

SSL_CTX_set_cipher_list:no cipher match

报错信息

Solution

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏

支付宝扫一扫领取红包，优惠每天领

二维码1

二维码2