参考链接

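# Working directory for acme.sh. It will hold the installed client, the
# account configuration and the issued private keys, so create it
# idempotently and keep it closed to every other user.
mkdir -p /var/www/acme
chmod 700 /var/www/acme

# NOTE(review): this clones the default branch and runs it, typically as a
# privileged user. The upstream project is now published under the
# acmesh-official GitHub organisation; confirm the URL still resolves to the
# official repository and consider checking out a reviewed release tag.
git clone https://github.com/Neilpang/acme.sh.git
# Only run the installer if we actually entered the fresh checkout.
cd acme.sh && ./acme.sh --install --home /var/www/acme

## Example: DNSPod as the DNS provider (DNS-01 validation, needed for wildcards)
# These are live API credentials. Typing real values on the command line
# leaves them in shell history, so clear the history entry or load them from
# a root-only file instead.
export DP_Id="xxxxx"
export DP_Key="xxxxxxxxxxxxxxx"

# Issue a certificate for the apex and the wildcard name; only run the client
# if the change of directory succeeded.
cd /var/www/acme &&
  ./acme.sh --issue --dns dns_dp -d xxx.com -d "*.xxx.com" --certhome /var/www/acme

## Point the web server at the generated certificate files, then reload it
sudo systemctl reload nginx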

自动更新脚本

编辑脚本 /var/www/acme/renew_cert.sh（脚本中含有 API 密钥，且由 root 的 cron 执行；保存后请执行 chmod 700，并确保文件属主为 root）

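#!/bin/bash
#
# Re-issue the xxx.com / *.xxx.com certificate through the DNSPod DNS API and
# reload nginx so it picks up the new files. Intended to run from root's
# crontab.
#
# Security notes:
#   - This file embeds DNS API credentials and is executed by root. Keep it
#     and its parent directories owned by root and not writable or readable
#     by other users (for example mode 700).
#   - NOTE(review): acme.sh normally saves the DNS API credentials in its own
#     account configuration after the first successful issue; if that holds
#     here, the two exports below can be removed.

# Resolve the directory this script lives in, so the relative ./acme.sh call
# works no matter which working directory cron starts us in.
script_dir=$(cd "$(dirname "$0")" && pwd) || exit 1
cd "${script_dir}" || exit 1

export DP_Id="xxxxx"
export DP_Key="xxxxxxxxxxxxxxx"

# --force re-issues even if the current certificate is not yet due.
if ! ./acme.sh --issue --dns dns_dp -d xxx.com -d "*.xxx.com" --certhome /var/www/acme --force; then
  # Report the failure (cron mails stderr) and skip the reload.
  echo "renew_cert.sh: certificate issuance failed; nginx not reloaded" >&2
  exit 1
fi

sudo systemctl reload nginx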

以 root 用户身份运行 crontab -e，加入如下任务

# Fields: minute 0, hour 0, day-of-month 1, any month, any weekday, i.e. run
# the renewal script at 00:00 on the first day of every month.
# This job runs as root: the script and every directory on its path must not
# be writable by any other user.
# NOTE(review): `acme.sh --install` normally registers its own renewal entry
# in the crontab; check `crontab -l` so two renewal jobs do not overlap.
0 0 1 * * /var/www/acme/renew_cert.sh

Nginx 配置

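# HTTPS virtual host for xxx.com / www.xxx.com.
server {
    # TLS is enabled with the `ssl` parameter of `listen`. It replaces the
    # standalone `ssl on;` directive, which is deprecated and no longer
    # accepted by recent nginx releases.
    listen 443 ssl;
    listen [::]:443 ssl;

    # Full chain and private key as written by acme.sh (--certhome).
    # The key sits under /var/www but outside this site's document root; keep
    # the directory readable by root only.
    # NOTE(review): acme.sh documents its certificate directory as internal;
    # its --install-cert option can copy the key and chain to a stable
    # location for the web server. Consider pointing these paths there.
    ssl_certificate     /var/www/acme/xxx.com/fullchain.cer;
    ssl_certificate_key /var/www/acme/xxx.com/xxx.com.key;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the nginx
    # build's defaults apply; confirm legacy TLS versions are disabled.

    root /var/www/xxx.com;
    index index.html index.htm;

    server_name xxx.com www.xxx.com;

    # Serve static files; anything that is neither a file nor a directory
    # returns 404.
    location / {
        try_files $uri $uri/ =404;
    }

    # Hand *.php requests to PHP-FPM over its local Unix socket.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}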

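# Plain-HTTP virtual host: its only job is to redirect to HTTPS.
server {
    listen 80;
    # Also listen on IPv6, matching the HTTPS server, so IPv6 clients that
    # arrive over HTTP get the redirect too.
    listen [::]:80;
    server_name xxx.com www.xxx.com;

    location / {
        # `return` is the idiomatic redirect: no regex is evaluated and the
        # original path and query string are carried over by $request_uri.
        # $server_name (the first configured name) is used for the target
        # instead of the client-supplied Host header.
        return 301 https://$server_name$request_uri;
    }
}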