一、下载程序
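# Install the helper packages this guide lists as required before running
# any acme.sh installer, so the installer finds cron and socat on its first run.
yum install -y socat crontabs openssl

# Option A: online installer.
# Save the installer to a file instead of piping it straight into sh, so it
# can be read before it runs and a truncated download is never executed.
# -f makes curl fail on an HTTP error instead of handing an error page to the
# shell; --proto '=https' also refuses any redirect to a non-HTTPS URL.
curl --proto '=https' --tlsv1.2 -fsSL https://get.acme.sh -o get-acme.sh \
  && sh get-acme.sh

# Option B: manual install from a source archive.
# The archive must already be in the current directory; this page does not
# show where it was downloaded from, so verify its origin before unpacking.
# One of the two options is enough to install acme.sh.
tar -zxvf acme.sh-master.tar.gz
cd acme.sh-master
./acme.sh --install

# Register an ACME account; the address after -m is the account contact
# e-mail, so use a mailbox you control.
./acme.sh --register-account -m 875667601@qq.com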
二、创建密钥
# DNS provider API credentials read by the dns_dp hook selected below.
# The key is masked on this page; substitute your own value and keep it out
# of shared notes, screenshots and version control.
# NOTE(review): values typed here end up in shell history, and acme.sh is
# documented to save DNS API credentials in its account.conf. Confirm, and
# keep that file readable by its owner only.
export DP_Id="317212" \
       DP_Key="cee45605c1e3*******01935349cd4cc"

# Issue one certificate covering the apex domain and the wildcard, validated
# through DNS records created by the dns_dp hook.
./acme.sh --issue \
  --dns dns_dp \
  -d xiaoqiangzai.xyz \
  -d '*.xiaoqiangzai.xyz'
生成成功
三、配置Nginx
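配置Nginx只需要下面这两个文件(证书链和私钥)即可。下方配置引用的是 /ssl/ 目录,因此需要先把它们放到该目录(例如用 acme.sh 的 --install-cert 配合 --fullchain-file、--key-file 指定目标路径),并确保私钥文件仅 root 可读。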
/root/.acme.sh/xiaoqiangzai.xyz/fullchain.cer
/root/.acme.sh/xiaoqiangzai.xyz/xiaoqiangzai.xyz.key
配置文件
# TLS-terminating reverse proxy for every subdomain of xiaoqiangzai.xyz.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name *.xiaoqiangzai.xyz;

    # Certificate chain and private key. The key file should be readable
    # only by the account that starts nginx.
    # NOTE(review): no ssl_protocols directive is set, so the accepted TLS
    # versions are the defaults of the installed nginx; confirm they
    # exclude legacy protocol versions.
    ssl_certificate     /ssl/fullchain.cer;
    ssl_certificate_key /ssl/xiaoqiangzai.xyz.key;

    # NOTE(review): with access logging off this proxy keeps no per-request
    # record, which limits later investigation; confirm this is intended.
    access_log    off;
    log_not_found off;

    # HTTP/1.1 plus Upgrade/Connection so WebSocket upgrades pass through.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";

    # Client address as seen by nginx.
    proxy_set_header X-Real-IP $remote_addr;
    # $http_host is the Host header exactly as the client sent it; the
    # backend must not treat it as trusted input.
    proxy_set_header Host $http_host;
    # Appends $remote_addr to any X-Forwarded-For the client supplied, so
    # only the last entry comes from this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        # Requests for *.xiaoqiangzai.xyz are forwarded to the intranet
        # tunnelling (NAT traversal) server.
        # $scheme is https on this listener, so the upstream hop also uses
        # TLS; nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled.
        # NOTE(review): $proxy_port is documented as the port taken from
        # proxy_pass itself, so using it here looks circular. Confirm which
        # port is intended (possibly $server_port).
        proxy_pass $scheme://10.0.20.3:$proxy_port;
    }
}
四、注意事项
证书有效期为三个月,到期前必须续期;续期后还要把新证书更新到 Nginx 实际引用的路径并重新加载 Nginx,否则对外提供的仍是旧证书。