使用阿里云云解析DNS API快速申请泛域名SSL证书

1.执行 安装 sh 脚本

curl https://get.acme.sh | sh

2.打开以下地址并创建AccessKey

https://usercenter.console.aliyun.com/#/manage/ak

3.执行vim ~/.bashrc添加Ali_Key和Ali_Secret

export Ali_Key=""
export Ali_Secret=""

4.颁发证书

acme.sh --issue --dns dns_ali -d domain.com -d *.domain.com

5.安装证书

acme.sh --installcert -d domain.com -d '*.domain.com' --key-file /etc/nginx/ssl/domain.com/domain.com.key --fullchain-file /etc/nginx/ssl/domain.com/fullchain.cer --reloadcmd "nginx -s reload"

6.配置nginx

server {
                listen 443 ssl;
                server_name domain.com www.domain.com;
                client_max_body_size    100M;
                ssl_certificate /etc/nginx/ssl/domain.com/fullchain.cer;
                ssl_certificate_key /etc/nginx/ssl/domain.com/domain.com.key;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                location / {
                        proxy_pass   http://localhost:5001;
                }
}