Last update at :2024-06-23,Edit by888u
Let\\’s Encrypt merchants can indeed bring a lot of benefits to users by supporting pan-domain SSL certificates. The most important thing is that it is free and most software vendors still support it well. Compared with the past, it was really troublesome to use only a single domain name. It was troublesome to re-apply for management of multiple second-level domain names separately. But now we can directly apply for a pan-domain name certificate without such trouble.
The snail is ahead\\"Let\\’s Encrypt apply for a pan-domain SSL certificate and cooperate with the DNSPOD API to quickly obtain it\\". The article introduces that if the domain name uses DNSPOD resolution, you can quickly apply for a pan-domain SSL certificate. Some users mentioned that they are using other DNS and how to apply quickly. I will share this snail later when I find time. It is really troublesome to write a tutorial every time.
In this article, we need to share how to install the Let\\’s Encrypt SSL pan-domain name certificate into the website after we apply for it. Today, we will test how to install the certificate on the Nginx Web environment website. It is slightly similar to what we commonly see, except that individual files are different.
Note: According to the official document installation requirements, the generated certificate file cannot be directly referenced. The best way is to use installcert to copy it to the required location. Specific reference: https://github.com/Neilpang/acme.sh#3-install-the-issued-cert-to-apachenginx-etc, and the method posted by netizens in the message box. I'll sort it out later.
First, find our certificate file
The certificate file is in \\"/root/.acme.sh/\\" for the website domain name directory. It is recommended that we do not copy the certificate and store it separately, because this installation certificate script comes with an automatic renewal function, so it cannot be automatically renewed after being copied. Two files need to be noted here: fullchain.cer and laobuluo.com.key (this should be your own domain name).
Second, modify and add scripts
/usr/local/nginx/conf/vhost/
This depends on which WEB environment we install. For example, when installing LNMP, you can see the .CONF configuration file of the site in the directory above, and then add the script.
listen 443 ssl http2;ssl_certificate /root/.acme.sh/laobuluo.com/fullchain.cer;ssl_certificate_key /root/.acme.sh/laobuluo.com/laobuluo.com.key;ssl_protocols TLSv1 TLSv1.1 TLSv1 .2;ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;ssl_prefer_server_ciphers on;ssl_session_timeout 10m;ssl_session_cache builtin:1000 shared: SSL:10m ;ssl_buffer_size 1400;add_header Strict-Transport-Security max-age=15768000;ssl_stapling on;ssl_stapling_verify on;
Here you need to pay attention to modifying the path and file name of the two files of your certificate. The difference from what we used before is that the ssl_certificate file is fullchain.cer, which used to be the domain name prefix.
Third, jump and follow-up questions
Here Snail only introduces the installation of the certificate. If we need to force a jump, add a 301 jump. Finally, we restart NGINX to take effect.
Recommended site searches: host domain name, high-defense US server, Japanese proxy server IP, overseas domain name registration, Korean proxy server, mainland China station group server, asp free space, monthly payment space, Ministry of Industry and Information Technology registration website, wordpress space, < /p>
发表评论