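Installing a free HTTPS certificate on Alibaba Cloud
1. Ordering the HTTPS certificate
Alibaba Cloud certificate page: https://www.aliyun.com/product/cas?spm=5176.10695662.958455.1.21d262a6SspzLN
Click "Buy certificate" (选购证书) to go to the certificate purchase page.
For the certificate type, select "Free - Personal" (免费版-个人), then place the order and pay.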
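2. Applying for the certificate
Go to the certificate console and apply for the certificate.
Enter the domain name; for example, the domain of my appserver is fecyoserver.fecshop.com. Then click Next.
Click Verify, then submit for review.
Then wait for the certificate to be issued.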
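3. Downloading the issued certificate and configuring nginx
3.1 The certificate can be issued within an hour; once issued, it appears in the Alibaba Cloud certificate console.
Click Download and download the nginx archive. After extracting it, you will find two files: 3809900_fecyoserver.fecshop.com.key and 3809900_fecyoserver.fecshop.com.pem.
3.2 nginx configuration
Upload both files to the server. The .key file is the certificate's private key, so restrict its permissions so that only root can read it. The paths I uploaded the files to are:
/etc/letsencrypt/live/fecyoserver.fecshop.com-aliyun/3809900_fecyoserver.fecshop.com.key
/etc/letsencrypt/live/fecyoserver.fecshop.com-aliyun/3809900_fecyoserver.fecshop.com.pem
Add the following to the nginx configuration (change the file paths to your own):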
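    listen 543 ssl http2;
    listen 443 ssl http2;
    # "ssl on;" is left out: the "ssl" parameter on the listen lines already enables TLS,
    # and "ssl on;" (deprecated since nginx 1.15.0) would also make a plain "listen 80;" expect TLS.
    ssl_certificate /etc/letsencrypt/live/fecyoserver.fecshop.com-aliyun/3809900_fecyoserver.fecshop.com.pem;
    ssl_certificate_key /etc/letsencrypt/live/fecyoserver.fecshop.com-aliyun/3809900_fecyoserver.fecshop.com.key;
    # ssl_protocols SSLv2 SSLv3 TLSv1;
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled;
    # add TLSv1.3 if your nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;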
The complete nginx configuration for the domain after these additions:
    server {
        listen 80;
        listen 543 ssl http2;
        listen 443 ssl http2;
        # "ssl on;" is left out: the "ssl" parameter on the listen lines already enables TLS,
        # and "ssl on;" (deprecated since nginx 1.15.0) would also make "listen 80;" expect TLS.
        ssl_certificate /etc/letsencrypt/live/fecyoserver.fecshop.com-aliyun/3809900_fecyoserver.fecshop.com.pem;
        ssl_certificate_key /etc/letsencrypt/live/fecyoserver.fecshop.com-aliyun/3809900_fecyoserver.fecshop.com.key;
        # ssl_protocols SSLv2 SSLv3 TLSv1;
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled;
        # add TLSv1.3 if your nginx and OpenSSL builds support it.
        ssl_protocols TLSv1.2;
        server_name fecyoserver.fecshop.com;
        root /www/web/demo/fecyo/appserver/web;
        server_tokens off;
        include none.conf;
        index index.php index.html index.htm;
        access_log /www/web_logs/access.log wwwlogs;
        error_log /www/web_logs/error.log notice;
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fcgi.conf;
        }
        location /cn/ {
            index index.php;
            if (!-e $request_filename){
                rewrite . /cn/index.php last;
            }
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
        }
    }
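Save the file, restart nginx, then visit: https://fecyoserver.fecshop.com/
I found that HTTPS was now reachable and that the certificate was valid.
If the site cannot be reached on Alibaba Cloud, port 443 may not be open: log in to Alibaba Cloud, go to the console, and add a security group rule.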
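A pre-restart check for a server block like the one in section 3.2, as an added example that is not part of the original post: it flags the legacy "ssl on;" directive next to a plain listen port, deprecated versions in ssl_protocols, and a TLS listener without certificate directives. The function names and the sample configuration (with placeholder paths) are constructed for illustration.

```python
"""Added example: audit one nginx server block for common TLS pitfalls."""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996

def directives(conf):
    """Yield each simple directive as a token list, ignoring comments and braces."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith(";") and line[:-1].split():
            yield line[:-1].split()

def audit(conf):
    """Return a sorted list of findings for the given server block text."""
    items = list(directives(conf))
    names = {d[0] for d in items}
    listens = [d[1:] for d in items if d[0] == "listen"]
    plain = [l[0] for l in listens if l and "ssl" not in l]
    found = set()
    if ["ssl", "on"] in items and plain:
        found.add("'ssl on' forces TLS on plain listen port(s): " + ", ".join(plain))
    for d in items:
        weak = sorted(DEPRECATED.intersection(d[1:])) if d[0] == "ssl_protocols" else []
        if weak:
            found.add("deprecated protocols enabled: " + " ".join(weak))
    tls_used = ["ssl", "on"] in items or any("ssl" in l for l in listens)
    for needed in ("ssl_certificate", "ssl_certificate_key"):
        if tls_used and needed not in names:
            found.add("missing " + needed)
    return sorted(found)

# Constructed sample modelled on this post's server block; paths are placeholders.
WEAK = """
server {
    listen 80;
    listen 443 ssl http2;
    ssl on;
    ssl_certificate /path/to/example.pem;
    ssl_certificate_key /path/to/example.key;
    # ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
# Same block without "ssl on;" and with only TLS 1.2 enabled.
FIXED = WEAK.replace("    ssl on;\n", "").replace("TLSv1 TLSv1.1 TLSv1.2;", "TLSv1.2;")

if __name__ == "__main__":
    for finding in audit(WEAK) or ["no findings"]:
        print(finding)
```

Commented-out directives are ignored, so only the settings nginx would actually load are reported.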