Home > Developer > Web Develop
httpsGoogleUse LetEncrypt certificates as a way to implement your blog https .
acme.sh?? acme Protocol that can be letsencrypt generated from a free certificate.
GitHub https://github.com/Neilpang/acme.sh
Main steps:
Installation is simple, one command:
curl https://get.acme.sh | sh
Both the normal user and the root user can be installed and used. The installation process takes the following steps:
cd ~/.acme.sh/
and create one bash alias that is handy for your use:?alias acme.sh=~/.acme.sh/acme.sh
2). Automatically create for you cronjob , automatically detect all the Certificates 0:00 o ' Day, and if they expire and need to be updated, the certificate will be automatically updated.
acme.sh? The implementation? acme All authentication protocols supported by the Protocol. There are generally two ways to verify: http and dns verify.
This is the use of http authentication
cd ~/.acme.sh/yum install socat
If you haven't run any web services yet,? 80 ? The port is idle, then? acme.sh ? can also pretend to be a webserver , temporarily listen to 80 the port, complete the verification:
3. copy/Installation Certificatesh acme.sh --issue -d www.souyunku.com --standalone
After the previous certificate is generated, the next step is to take the certificate copy to the place where it really needs to be used.
Note that the certificates that are generated by default are placed in the installation directory:? ~/.acme.sh/ , do not directly use files under this directory, for example: do not directly let nginx/apache the configuration file use this file. The files inside are used internally, and the directory structure may change.
mkdir -p /certscd /root/.acme.sh/www.souyunku.comcp www.souyunku.com.cer /certscp www.souyunku.com.key /certs
Configure Nginx
vim /usr/local/nginx/conf/nginx.conf
Configuring certificates
server { listen 443; ssl on; ssl_certificate /certs/www.souyunku.com.cer; ssl_certificate_key /certs/www.souyunku.com.key;}
httpRedirect tohttps
server { listen 80; server_name www.souyunku.com; rewrite ^(.*) https://$server_name$1 permanent;}
Check the Nginx profile every time you modify it
4. Update the certificate/usr/local/nginx/sbin/nginx -t
Currently the certificate is automatically updated after 60 days and you do not need any action. It's possible to shorten this time in the future, but it's all automatic and you don't have to worry about it.
5. Update acme.shCurrently, the ACME protocol and the Letsencrypt CA are frequently updated, so acme.sh is also frequently updated to keep in sync.
Upgrade acme.sh to the latest version:
acme.sh --upgrade
If you don't want to upgrade manually, you can turn on automatic upgrades:
acme.sh --upgrade --auto-upgrade
After that, acme.sh is automatically kept up to date.
You can also turn off automatic Updates at any time:
6. Test HTTPSacme.sh --upgrade --auto-upgrade 0
Start Nginx
/usr/local/nginx/sbin/nginx
Browser access www.souyunku.com will automatically jump to https://www.souyunku.com
Finally, because the blog using the seven Qiniu http protocol cdn caused the static resources in the blog is not available, and finally the seven Qiniu static resources configuredhttps
Configuration steps
Click menu: Converged cdn--> Domain management--and HTTPS configuration
Click? SSL certificate Management-Https://portal.qiniu.com/certificate/ssl#cert, you can request or upload your own certificate on the SSL Certificate Services page.
Last click: Force HTTPS Access
The user's HTTP request is forced to jump to the HTTPS protocol for access after it is opened.
ContactConfigure a free HTTs certificate for your website
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
