免费申请SSL证书的方法

---

声明:这是我在大学毕业后进入第一家互联网工作学习的内容

---

申请地址

https://freessl.cn/

申请步骤

选择需要申请SSL证书域名

选择证书类型并创建

下载KeyManager客户端

DNS验证

导出证书

配置证书

Nginx配置

解压证书并放到服务器文件里，解压完的文件有2个:xxx.crt、xxx.key

[root@nginx CA]#cd /CA
[root@nginx CA]# ll
total 8
-rw-r--r-- 1 root root 3570 Apr 30 14:15 xxx.crt
-rw-r--r-- 1 root root 1679 Apr 30 14:15 xxx.key

配置nginx.conf 添加此证书

server {
    listen       443 ssl http2;
    server_name  xxx.com;
    root         /usr/share/nginx/html;

    ssl_certificate "/ca/xxx.crt";
    ssl_certificate_key "/ca/xxx.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    include /etc/nginx/default.d/*.conf;

    location / {
        proxy_pass http://172.31.22.31:8082;
        proxy_set_header   Host             $proxy_host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $host;
        proxy_set_header   X-Forwarded-Server $host;
        client_max_body_size 100m;
        client_body_buffer_size 100m;

    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

添加完成后需要重启nginx

nginx -s stop
nginx 

kubernetes集群添加证书

[root@dev-master-01 CA]#cd /CA
[root@dev-master-01 CA]# ll
total 8
-rw-r--r-- 1 root root 3570 Apr 30 14:15 xxx.crt
-rw-r--r-- 1 root root 1679 Apr 30 14:15 xxx.key

kubectl create secret tls xxx.com --cert=xxx.crt --key=xxx.key

腾讯云平台添加证书

登陆腾讯云
https://console.cloud.tencent.com/ssl

上传证书保存即可

---

版权声明：

原创不易，洗文可耻。除非注明，本博文章均为原创，转载请以链接形式标明本文地址。