TLS/SSL ---- https, secure socket layer

acme.sh

在 nginx 上设置 acme.sh

教程：

在 ubuntu 上使用： how to config on ubuntu

启用配置：

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
server {
    # listen 80 default_server;
    # listen [::]:80 default_server;

    # SSL configuration
    #
    # 启用 ssl
    listen 443 ssl default_server;

    # ssl_certificate /home/sawyer/.acme.sh/docker.zhenglei.site/docker.zhenglei.site.cer
    ssl_certificate /home/sawyer/.acme.sh/docker.zhenglei.site/fullchain.cer;
    ssl_certificate_key /home/sawyer/.acme.sh/docker.zhenglei.site/docker.zhenglei.site.key
}

为什没要用 fullchain.cer

因为使用简化版的 cer(证书),会出现如下问题

浏览器不会报错
curl 命令会报错

docker push 会报错

1
2
3
4
5
6
7
$ curl -Lo - https://lenim.myown-it.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

文章目录

acme.sh

在 nginx 上设置 acme.sh