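Running lnmp ssl add kept failing with: Let's Encrypt SSL Certificate create failed!
I tried the fixes I found online and none of them worked, so I configured it by hand.
Tencent Cloud free SSL certificate application page: https://console.cloud.tencent.com/ssl
Once the certificate is issued, only the two files in the nginx folder are needed here: 1_ccc.xxx.cc_bundle.crt and 2_ccc.xxx.cc.key.
Upload them to the ssl directory of nginx on the server; my directory layout here is /usr/local/nginx/conf/ssl/
Then edit the configuration file; if multiple domains are configured, edit nginx/conf/vhost/xxx.xxx.cc.conf
Add the following: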
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name xxx.xxx.cc ;# change this to the domain that gets SSL
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/xxx.xxx.cc;# site path
    # "ssl on;" is left out: the ssl parameter on listen already enables TLS
    # (the directive is deprecated since nginx 1.15.0 and rejected from 1.25.1)
    ssl_certificate /usr/local/nginx/conf/ssl/1_xxx.xxx.cc_bundle.crt;# change to the certificate you were issued
    ssl_certificate_key /usr/local/nginx/conf/ssl/2_xxx.xxx.cc.key;# change to the private key of your certificate
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and left out; TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;# configure using this cipher suite list
    ssl_prefer_server_ciphers on;
    location / {
        root /home/wwwroot/xxx.xxx.cc;# site path
        index index.html index.htm index.php default.html default.htm default.php;
    }
    include other.conf;
    #error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    include enable-php.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    location ~ /.well-known {
        allow all;
    }
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/xxx.xxx.cc.log;# site log path
}
After saving, run the command:
lnmp nginx reload
This reloads the nginx configuration; if no errors are reported, it worked.
[root@xiaojun pki-validation]# lnmp nginx reload
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Reload service nginx... done
[root@xiaojun pki-validation]#
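A check to run on a vhost file like the one above before reloading, as an added example that is not part of the original post: it scans the file's directives and reports an obsolete ssl on;, deprecated versions in ssl_protocols, a cipher list without !aNULL, and missing certificate directives. The names audit_vhost, directives and SAMPLE_VHOST are hypothetical, and the sample vhost is constructed.

```python
import re

# Constructed sample vhost (not from a real server), modelled on the HTTPS block above.
SAMPLE_VHOST = """
server
{
    listen 443 ssl http2;
    server_name xxx.xxx.cc;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/ssl/1_xxx.xxx.cc_bundle.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/2_xxx.xxx.cc.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy protocol list
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
}
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def directives(conf):
    """Yield (name, args) per directive. Simplified: ignores quoting and block nesting."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit_vhost(conf):
    """Return a list of findings for the TLS settings in one vhost file."""
    seen = {}
    for name, args in directives(conf):
        seen.setdefault(name, []).append(args)
    if not any("ssl" in args for args in seen.get("listen", [])):
        return ["no 'listen ... ssl' found: not an HTTPS vhost"]
    findings = []
    if ["on"] in seen.get("ssl", []):
        findings.append("'ssl on;' is obsolete; 'listen ... ssl' already enables TLS")
    for args in seen.get("ssl_protocols", []):
        weak = sorted(LEGACY_PROTOCOLS.intersection(args))
        if weak:
            findings.append("ssl_protocols enables deprecated " + ", ".join(weak))
    for args in seen.get("ssl_ciphers", []):
        if args and "!aNULL" not in args[0].split(":"):
            findings.append("ssl_ciphers does not exclude anonymous suites (!aNULL)")
    for need in ("ssl_certificate", "ssl_certificate_key"):
        if need not in seen:
            findings.append("missing " + need)
    return findings
```

To check a real file, pass its contents: audit_vhost(open(path).read()). An empty list means none of these checks fired.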
========================================================================================
Complete configuration file for reference:
server
{
    listen 80;
    #listen [::]:80;
    server_name api.xxx.cc ;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/api.xxx.cc;
    # redirect to https
    if ($server_port !~ "^443$"){
        set $rule_0 1$rule_0;
    }
    if ($rule_0 = "1"){
        rewrite /(.*) https://$server_name/$1 redirect;
    }
    include other.conf;
    #error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    include enable-php.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    location ~ /.well-known {
        allow all;
    }
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/api.xxx.cc.log;
}
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name api.xxx.cc ;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/api.xxx.cc;
    # "ssl on;" is left out: the ssl parameter on listen already enables TLS
    # (the directive is deprecated since nginx 1.15.0 and rejected from 1.25.1)
    ssl_certificate /usr/local/nginx/conf/ssl/1_api.xxx.cc_bundle.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/2_api.xxx.cc.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and left out; TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;# configure using this cipher suite list
    ssl_prefer_server_ciphers on;
    location / {
        root /home/wwwroot/api.xxx.cc;
        index index.html index.htm index.php default.html default.htm default.php;
    }
    include other.conf;
    #error_page 404 /404.html;
    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    include enable-php.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    location ~ /.well-known {
        allow all;
    }
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/api.xxx.cc.log;
}
When reposting, please credit this article's title and link: "Manually configuring and deploying SSL on lnmp"


