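Running lnmp ssl add kept failing with: Let's Encrypt SSL Certificate create failed!
I tried the fixes I found online and none of them worked, so I configured it by hand.
Tencent Cloud free SSL certificate application page: https://console.cloud.tencent.com/ssl
Once the certificate has been issued, only the two files under nginx are needed here: 1_ccc.xxx.cc_bundle.crt and 2_ccc.xxx.cc.key.
Upload them to the ssl directory of nginx on the server. My directory layout is: /usr/local/nginx/conf/ssl/
Then edit the configuration file. If multiple domains are configured, edit nginx/conf/vhost/xxx.xxx.cc.conf
Add the following: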
    server {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name xxx.xxx.cc;  # change to the domain being configured for SSL
        index index.html index.htm index.php default.html default.htm default.php;
        root /home/wwwroot/xxx.xxx.cc;  # site root path

        # ssl on;  # redundant with "listen 443 ssl"; obsolete since nginx 1.15.0, removed in 1.25.1
        ssl_certificate /usr/local/nginx/conf/ssl/1_xxx.xxx.cc_bundle.crt;  # change to the certificate you were issued
        ssl_certificate_key /usr/local/nginx/conf/ssl/2_xxx.xxx.cc.key;  # change to the key of the certificate you were issued
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # configure the cipher suite as shown
        ssl_prefer_server_ciphers on;

        location / {
            root /home/wwwroot/xxx.xxx.cc;  # site root path
            index index.html index.htm index.php default.html default.htm default.php;
        }

        include other.conf;
        #error_page 404 /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\. {
            deny all;
        }

        access_log /home/wwwlogs/xxx.xxx.cc.log;  # site log path
    }
After saving, run:
lnmp nginx reload
to reload the nginx configuration file. If nothing abnormal is reported, it worked.
    [root@xiaojun pki-validation]# lnmp nginx reload
    +-------------------------------------------+
    |    Manager for LNMP, Written by Licess    |
    +-------------------------------------------+
    |              https://lnmp.org             |
    +-------------------------------------------+
    Reload service nginx... done
    [root@xiaojun pki-validation]#
========================================================================================
Complete configuration file for reference:
    server {
        listen 80;
        #listen [::]:80;
        server_name api.xxx.cc;
        index index.html index.htm index.php default.html default.htm default.php;
        root /home/wwwroot/api.xxx.cc;

        # redirect to https
        if ($server_port !~ "^443$") {
            set $rule_0 1$rule_0;
        }
        if ($rule_0 = "1") {
            rewrite /(.*) https://$server_name/$1 redirect;
        }

        include other.conf;
        #error_page 404 /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\. {
            deny all;
        }

        access_log /home/wwwlogs/api.xxx.cc.log;
    }

    server {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name api.xxx.cc;
        index index.html index.htm index.php default.html default.htm default.php;
        root /home/wwwroot/api.xxx.cc;

        # ssl on;  # redundant with "listen 443 ssl"; obsolete since nginx 1.15.0, removed in 1.25.1
        ssl_certificate /usr/local/nginx/conf/ssl/1_api.xxx.cc_bundle.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/2_api.xxx.cc.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # configure the cipher suite as shown
        ssl_prefer_server_ciphers on;

        location / {
            root /home/wwwroot/api.xxx.cc;
            index index.html index.htm index.php default.html default.htm default.php;
        }

        include other.conf;
        #error_page 404 /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\. {
            deny all;
        }

        access_log /home/wwwlogs/api.xxx.cc.log;
    }
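A hardened variant of the api.xxx.cc vhost above, added here as an example and not part of the original post: it drops TLSv1 and TLSv1.1 (deprecated by RFC 8996), narrows the cipher list to ECDHE AEAD suites, and replaces the if/set redirect with a single return. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later (required for TLSv1.3); the session cache size and HSTS max-age are illustrative values.

```nginx
# Added example: hardened variant of the vhost above (not the author's config).
# Assumption: nginx >= 1.13.0 built with OpenSSL >= 1.1.1, needed for TLSv1.3.

server {
    listen 80;
    #listen [::]:80;
    server_name api.xxx.cc;

    # One permanent redirect for every plain-HTTP request, no if/set chain.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;      # "ssl" on listen replaces the obsolete "ssl on;"
    #listen [::]:443 ssl http2;
    server_name api.xxx.cc;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/api.xxx.cc;

    ssl_certificate     /usr/local/nginx/conf/ssl/1_api.xxx.cc_bundle.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/2_api.xxx.cc.key;

    # TLS 1.0/1.1 removed; only forward-secret AEAD suites remain for TLS 1.2.
    # TLS 1.3 suites are negotiated separately and are not affected by ssl_ciphers.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;   # illustrative size; lets workers share sessions

    # HSTS: enable only after HTTPS is confirmed working (illustrative max-age).
    add_header Strict-Transport-Security "max-age=31536000" always;

    include other.conf;
    include enable-php.conf;

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; }
    location ~ .*\.(js|css)?$ { expires 12h; }
    location ~ /.well-known { allow all; }
    location ~ /\. { deny all; }

    access_log /home/wwwlogs/api.xxx.cc.log;
}
```

Check the syntax with /usr/local/nginx/sbin/nginx -t before running lnmp nginx reload, and keep the .key file readable by root only.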
When reposting, please cite this article's title and link: "Manually configuring and deploying SSL on lnmp"