acme自签证书
//
# acme.sh 自签证书
腾讯云 API密钥管理 平台 (opens new window)
export Tencent_SecretId="XXXX"
export Tencent_SecretKey="XXXX"
./acme.sh --install -m yfk5227@163.com
./acme.sh --issue --dns dns_tencent -d yfklife.cn --set-default-ca --server letsencrypt
./acme.sh --issue --dns dns_tencent -d yfklife.cn
ln -sf /root/.acme.sh/yfklife.cn/yfklife.cn.cer /etc/nginx/ssl/yfklife.cn_bundle.crt
ln -sf /root/.acme.sh/yfklife.cn/yfklife.cn.key /etc/nginx/ssl/yfklife.cn.key
#自动更新
/root/.acme.sh/acme.sh --cron --home "/root/.acme.sh"
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
- 生成新的
在腾讯云 API密钥管理 平台生成,然后配置策略
wget https://download.yfklife.cn/blog/ops/acme/acme-yfk.sh
export Tencent_SecretId="yfklifeK3d2HJ8lDSegU7ZotoX5SdbNzRgkd"
export Tencent_SecretKey="yfklifeBdtxrY2JNEsTvBE6lET2UknlY"
./acme.sh --issue --dns dns_tencent -d yfklife.cn -d yfklife.cn
1
2
3
4
5
6
7
2
3
4
5
6
7
- nginx-yfk.conf
server
{
listen 443 ssl;
server_name yfklife.cn;
server_tokens off;
ssl_certificate ssl/yfklife.cn_bundle.crt;
ssl_certificate_key ssl/yfklife.cn.key;
client_max_body_size 0;
proxy_max_temp_file_size 0;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#ssl_ciphers '!aNULL:!MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-WITH-AES128-GCM-SHA256';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
- 创建软链接
ln -sf /root/.acme.sh/yfklife.cn_ecc/yfklife.cn.key /etc/nginx/ssl/yfklife.cn.key
ln -sf /root/.acme.sh/yfklife.cn_ecc/fullchain.cer /etc/nginx/ssl/yfklife.cn_bundle.crt
nginx -s reload
1
2
3
4
2
3
4
//
如果此文章对您有帮助,点击 -->> 请博主喝咖啡 (opens new window)
上次更新: 2025/11/12, 16:05:18