您的位置:时间博客>Linux>lnmp手动配置部署SSL

lnmp手动配置部署SSL

用lnmp ssl add 一直提示:Let's Encrypt SSL Certificate create failed!

试了网上的解决方案还是不行,那就自己动手配置吧;


腾讯云免费ssl证书申请地址:https://console.cloud.tencent.com/ssl

证书申请通过后,这里只需要nginx内的 1_ccc.xxx.cc_bundle.crt 2_ccc.xxx.cc.key 这两个文件。

上传至服务器nginx的ssl目录内,我这里的目录结构为:/usr/local/nginx/conf/ssl/


然后修改配置文件,如果有配置多域名那么就修改nginx/conf/vhost/xxx.xxx.cc.conf


添加如下:

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name xxx.xxx.cc ;#这里改为要配置ssl的域名
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/xxx.xxx.cc;#网站路径
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/1_xxx.xxx.cc_bundle.crt;#改为自己所申请到的证书
        ssl_certificate_key /usr/local/nginx/conf/ssl/2_xxx.xxx.cc.key;#改为自己所申请到的证书
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;
        location / {
            root   /home/wwwroot/xxx.xxx.cc;#网站路径
            index  index.html index.htm index.php default.html default.htm default.php;
        }

        include other.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/xxx.xxx.cc.log;#网站日志路径
    }


保存后使用命令:

lnmp nginx reload

重新载入nginx配置文件,如无异常那么就是成功咯

[root@xiaojun pki-validation]# lnmp nginx reload
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Reload service nginx...  done
[root@xiaojun pki-validation]#


========================================================================================

完整配置文件参考:

server
    {
        listen 80;
        #listen [::]:80;
        server_name api.xxx.cc ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/api.xxx.cc;

        #跳转到https
        if ($server_port !~ "^443$"){
            set $rule_0 1$rule_0;
        }
        if ($rule_0 = "1"){
            rewrite /(.*) https://$server_name/$1 redirect;
        }

        include other.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/api.xxx.cc.log;
    }

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name api.xxx.cc ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/api.xxx.cc;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/1_api.xxx.cc_bundle.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/2_api.xxx.cc.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;
        location / {
            root   /home/wwwroot/api.xxx.cc;
            index  index.html index.htm index.php default.html default.htm default.php;
        }

        include other.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/api.xxx.cc.log;
    }


转载请注明本文标题和链接:《 lnmp手动配置部署SSL
分享到:

相关推荐

网友评论 0

未登陆 表情
Ctrl+Enter快速提交