Learn from Think no: 1190000015231137
Search engines give priority to HTTPS websites, so I took the time to record the process of configuring HTTPS for my blog. After going through a variety of material, I finally found a good guide: acme.sh, which uses Let's Encrypt certificates to implement HTTPS for your blog.
acme.sh implements the ACME protocol and can generate free certificates from Let's Encrypt.
GitHub https://github.com/Neilpang/acme.sh
Main steps:
- Installing acme.sh
- Generate certificate
- Copy certificate to Nginx/apache or other services
- Update Certificate
- Update acme.sh
- Test HTTPS
1. Installing acme.sh
Installation is simple, one command:
curl https://get.acme.sh | sh
Both a normal user and the root user can install and use it. The installation process performs the following steps:
Install acme.sh in your home directory:
cd ~/.acme.sh/
and create a bash alias that is handy for your use:
alias acme.sh=~/.acme.sh/acme.sh
It also automatically creates a cronjob for you, which checks all certificates at 0:00 every day and updates a certificate automatically if it is expiring and needs to be updated.
2. Generate the certificate and complete the verification
acme.sh implements all the verification methods supported by the ACME protocol. There are generally two ways to verify: http and dns.
This example uses http verification:
cd ~/.acme.sh/
yum install socat
If you are not running any web service and port 80 is idle, acme.sh can also pretend to be a webserver, temporarily listening on port 80 to complete the verification:
sh acme.sh --issue -d www.souyunku.com --standalone
3. Copy/install the certificate
After the certificate has been generated, the next step is to copy it to the place where it is actually used.
Note that the generated certificates are placed in the installation directory ~/.acme.sh/ by default. Do not use the files under this directory directly; for example, do not point the nginx/apache configuration file at them. The files there are for internal use, and the directory structure may change.
mkdir -p /certs
cd /root/.acme.sh/www.souyunku.com
cp www.souyunku.com.cer /certs
cp www.souyunku.com.key /certs
Configure Nginx
vim /usr/local/nginx/conf/nginx.conf
Configure the certificate
server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_certificate /certs/www.souyunku.com.cer;
    ssl_certificate_key /certs/www.souyunku.com.key;
}
Redirect http to https
server {
    listen 80;
    server_name www.souyunku.com;
    # permanent (301) redirect of every request to the HTTPS site
    rewrite ^(.*) https://$server_name$1 permanent;
}
Check the Nginx configuration file every time you modify it
/usr/local/nginx/sbin/nginx -t
4. Update the certificate
Currently the certificate is automatically updated after 60 days and you do not need to take any action. This period may be shortened in the future, but it is all automatic and you don't have to worry about it.
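The cron job renews the files under ~/.acme.sh/, but the copies made with cp in step 3 stay as they were, and Nginx keeps serving the certificate it loaded until it is reloaded. The script below is an added example (not from the original post or from the acme.sh project) that re-copies the certificate and key into /certs only when they have changed, keeps the key at mode 600, and reloads Nginx only after the configuration test passes. The function names sync_file and deploy_cert and the script name are hypothetical; the paths are the ones used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and file names follow the
# post; sync_file and deploy_cert are hypothetical helper names.

# Copy $1 to $2 with mode $3, only if the content differs.
# Returns 0 = updated, 1 = already current, 2 = error.
sync_file() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    cmp -s "$1" "$2" 2>/dev/null && return 1
    tmp=$(mktemp "$2.XXXXXX") || return 2   # created 0600, never world-readable
    if cat "$1" > "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2"; then
        return 0                            # rename is atomic: no half-written file
    fi
    rm -f "$tmp"
    return 2
}

# Deploy <domain>.cer and <domain>.key from acme.sh directory $2 into $3.
# Returns 0 = something changed (reload nginx), 1 = nothing changed, 2 = error.
deploy_cert() {
    domain=$1 src=$2 dst=$3 changed=1
    mkdir -p "$dst" || return 2
    for pair in "$domain.cer:644" "$domain.key:600"; do
        file=${pair%:*} mode=${pair#*:}
        sync_file "$src/$file" "$dst/$file" "$mode"
        case $? in
            0) changed=0 ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    return "$changed"
}

# Usage: deploy-cert.sh www.souyunku.com /root/.acme.sh/www.souyunku.com /certs
if [ "$#" -eq 3 ]; then
    deploy_cert "$@"
    case $? in
        0) /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload ;;
        1) echo "certificate unchanged, nothing to do" ;;
        *) exit 2 ;;
    esac
fi
```

Run it from cron after the daily acme.sh check. acme.sh's own --install-cert option, with --key-file, --fullchain-file and --reloadcmd, does the same job without a separate script.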
5. Update acme.sh
Currently, the ACME protocol and the Letsencrypt CA are frequently updated, so acme.sh is also frequently updated to keep in sync.
Upgrade acme.sh to the latest version:
acme.sh --upgrade
If you don't want to upgrade manually, you can turn on automatic upgrades:
acme.sh --upgrade --auto-upgrade
After that, acme.sh is automatically kept up to date.
You can also turn off automatic upgrades at any time:
acme.sh --upgrade --auto-upgrade 0
6. Test HTTPS
Start Nginx
/usr/local/nginx/sbin/nginx
Accessing www.xxx.com in a browser will automatically redirect to https://www.xxx.com
Configuration steps
Click menu: Converged CDN --> Domain management --> HTTPS configuration
Click SSL Certificate Management (https://portal.qiniu.com/certificate/ssl#cert); on the SSL Certificate Services page you can request or upload your own certificate.
- Content (PEM format) corresponds to the certificate file with the *.cer suffix
- The private key (PEM format) corresponds to the file with the *.key suffix
Finally, click: Force HTTPS Access
Once it is enabled, users' HTTP requests are forced to redirect to the HTTPS protocol.
Configure a free HTTPS certificate for your website