https-Let's Encrypt

>sudo apt install -y python3-pip python3-setuptools python3-dev
>pip3 install --upgrade pip
>pip3 install wheel
>pip3 list | grep crypto | awk '{print $2}'
>pip3 uninstall -y cryptography
>rm -r cryptography cryptography-2.1.4.egg-info
>cd -
>pip3 install cryptography
>pip3 install certbot
>certbot certonly --standalone --agree-tos --register-unsafely-without-email -d www.ibyg.net

Execution result:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.ibyg.net
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.ibyg.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.ibyg.net/privkey.pem
   Your cert will expire on 2020-09-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

nginx configuration

server {
    listen       443 ssl http2;
    server_name www.ibyg.net;
    charset utf-8;

    # SSL configuration
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_certificate /etc/letsencrypt/live/www.ibyg.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.ibyg.net/privkey.pem;

    access_log  /var/log/nginx/www.ibyg.net.access.log;
    error_log /var/log/nginx/www.ibyg.net.error.log;

    root /usr/share/nginx/html;
    location / {
        proxy_pass https://ibyg.net/;
    }
}
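
A lint pass over the TLS directives of the server block above, as an added example that is not part of the original note. It flags legacy protocol versions (TLS 1.0 and 1.1 are deprecated by RFC 8996) and OpenSSL group keywords that expand to suites without forward secrecy. `audit_tls_conf` and `sample_conf` are hypothetical names, and the sample is a constructed excerpt of the config.

```shell
#!/bin/sh
# Added example: lint nginx TLS directives for legacy protocols and
# over-broad OpenSSL cipher keywords. Names below are hypothetical.

# audit_tls_conf [FILE] -> one finding per line on stdout (reads stdin if no FILE).
audit_tls_conf() {
    awk '
        # Drop comments, the trailing semicolon and double quotes before inspecting.
        { sub(/#.*/, ""); sub(/;[ \t]*$/, ""); gsub(/"/, "") }

        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    printf "line %d: deprecated protocol %s\n", NR, $i
        }

        # AES, HIGH, ALL and DEFAULT are group keywords: they also select
        # RSA key-exchange suites, which provide no forward secrecy.
        $1 == "ssl_ciphers" {
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(AES|HIGH|ALL|DEFAULT)$/)
                    printf "line %d: broad cipher keyword %s\n", NR, tok[i]
        }
    ' "${1:--}"
}

# Constructed sample: the TLS directives from the server block above.
sample_conf() {
    cat <<'EOF'
server {
    listen       443 ssl http2;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_tickets off;
}
EOF
}

# Stand-alone run: audit the sample and print the findings.
sample_conf | audit_tls_conf
```

Pass a real file instead of the sample with `audit_tls_conf /etc/docker/nginx/conf.d/<file>.conf`; an empty result means neither check fired.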

docker run -d -v /root/Documents/nginx-assets:/usr/share/nginx/assets -v /etc/docker/nginx/conf.d:/etc/nginx/conf.d -v /etc/letsencrypt:/etc/letsencrypt:ro --net host nginx
