1.执行 安装 sh 脚本
curl https://get.acme.sh | sh
2.打开以下地址并创建AccessKey
https://usercenter.console.aliyun.com/#/manage/ak
3.执行vim ~/.bashrc添加Ali_Key和Ali_Secret
export Ali_Key=""
export Ali_Secret=""
4.颁发证书
acme.sh --issue --dns dns_ali -d domain.com -d *.domain.com
5.安装证书
acme.sh --installcert -d domain.com -d '*.domain.com' --key-file /etc/nginx/ssl/domain.com/domain.com.key --fullchain-file /etc/nginx/ssl/domain.com/fullchain.cer --reloadcmd "nginx -s reload"
6.配置nginx
server {
listen 443 ssl;
server_name domain.com www.domain.com;
client_max_body_size 100M;
ssl_certificate /etc/nginx/ssl/domain.com/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/domain.com/domain.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:5001;
}
}