yum install certbot-nginx
certbot certonly --register-unsafely-without-email --domains www.lgy-note.tk
certbot renew
三个月更新一次.nginx 编译 --prefix=/root/nginx --with-http_sub_module --with-http_v2_module --with-http_ssl_module
server {
listen 0.0.0.0:443 ssl http2 default;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.lgy-note.tk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.lgy-note.tk/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / { root html; }
}
泛域名证书
wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh
sh acme.sh --issue -d *.lgy-note.tk -d lgy-note.tk --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please 添加dns记录
sh acme.sh --issue -d *.lgy-note.tk -d lgy-note.tk --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew