一、下载程序

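# Prerequisite packages, installed first: acme.sh's installer looks for crontab
# because it schedules certificate renewal through cron.
yum install -y socat crontabs openssl

# Install acme.sh. This page shows two routes (online installer and manual
# archive); either one is normally sufficient.
#
# Route 1: online installer. Save the script to a file instead of piping curl
# straight into sh: -f keeps an HTTP error page from being executed, a dropped
# connection cannot leave a half-downloaded script running, and the saved file
# can be read before it is run.
curl -fsS -o get-acme.sh https://get.acme.sh &&
  sh get-acme.sh

# Route 2: manual install from a source archive. The page does not show where
# acme.sh-master.tar.gz came from; fetch it only from the project's official
# repository and check it before unpacking. The steps are chained so that a
# failed extract or cd stops the install from running in the wrong directory.
# The -m address is the contact registered with the CA; substitute your own.
tar -zxvf acme.sh-master.tar.gz &&
  cd acme.sh-master &&
  ./acme.sh --install &&
  ./acme.sh --register-account -m 875667601@qq.com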

二、创建密钥

image-20220527062449165

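# DNSPod API credentials read by acme.sh's dns_dp hook for the DNS-01 challenge.
export DP_Id="317212"
# Prompt for the token instead of typing it as a literal, so it does not end up
# in shell history or in a copied tutorial. The token originally printed here
# had most of its characters visible; a token published that way should be
# regenerated at the DNS provider.
read -r -s -p 'DP_Key (DNSPod API token): ' DP_Key && export DP_Key
printf '\n'
# Issue one certificate covering the apex domain and the wildcard (the wildcard
# stays quoted so the shell does not glob it).
# acme.sh saves DP_Id/DP_Key in ~/.acme.sh/account.conf for later renewals;
# keep that file readable by its owner only.
./acme.sh --issue --dns dns_dp -d xiaoqiangzai.xyz -d '*.xiaoqiangzai.xyz'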

生成成功

image-20220527061347451

三、配置Nginx

配置 Nginx 只需要下面这两个文件（下方配置文件中的 /ssl/ 路径假定已将它们复制或安装到该目录）

/root/.acme.sh/xiaoqiangzai.xyz/fullchain.cer
/root/.acme.sh/xiaoqiangzai.xyz/xiaoqiangzai.xyz.key

配置文件

# TLS-terminating reverse proxy for every host name under *.xiaoqiangzai.xyz.
server {
    listen      443      ssl;
    listen      [::]:443 ssl;
    server_name *.xiaoqiangzai.xyz;
    # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket upgrades pass
    # through to the backend.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    # NOTE(review): these /ssl/ paths are not the /root/.acme.sh/... files listed
    # on the page, and the copy step is not shown. acme.sh's --install-cert
    # (--key-file / --fullchain-file / --reloadcmd) is the supported way to place
    # the files and reload nginx after each renewal; keep the key file readable
    # only by the account that starts nginx.
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of the
    # installed nginx build apply - confirm legacy TLS versions are not offered.
    ssl_certificate     /ssl/fullchain.cer;
    ssl_certificate_key /ssl/xiaoqiangzai.xyz.key;
    proxy_set_header    X-Real-IP $remote_addr;
    # NOTE(review): $http_host forwards the client-supplied Host header as sent;
    # the backend must treat it as untrusted ($host is the normalised variant).
    proxy_set_header    Host $http_host;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
    # sent, so the backend should not trust the leading entries of that header.
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    # NOTE(review): with access logging off there is no request record for
    # detection or incident investigation on this Internet-facing listener.
    access_log off;
    log_not_found off;
    location / {
        # Requests for *.xiaoqiangzai.xyz are forwarded to the intranet
        # tunnelling (NAT traversal) server.
        # NOTE(review): $proxy_port is normally derived from proxy_pass itself -
        # verify that it resolves to the intended upstream port. $scheme is
        # https on this listener, and nginx does not verify the upstream
        # certificate unless proxy_ssl_verify is enabled.
        proxy_pass $scheme://10.0.20.3:$proxy_port;
    }
}

四、注意事项

证书有效期为三个月，到期前需要续期；续期后还要更新 Nginx 使用的证书文件并重新加载 Nginx。

image-20220527063847430