Preface

In order to upgrade my company’s website to HTTPS, I found a useful tool on the Internet that can help me quickly upgrade to HTTPS. This is the acme.sh project, which has a more detailed tutorial.

Precautions when using

I won’t repeat the tutorial for this tool, since the documentation is very detailed. I’ll just write down the problems I had with it, just in case.

The main problem was that certificate generation did not succeed. The documentation provides several ways to generate a certificate:

HTTP: place a file in the root directory of your website to verify ownership of the domain name. The certificate can then be generated.
Manual DNS: manually add a TXT record to the domain name to verify ownership of the domain name.

I’m using HTTP. I started with this:

acme.sh  --issue  -d mydomain.com -d www.mydomain.com  --webroot  /home/wwwroot/mydomain.com/

But the certificate was not generated successfully. I wondered whether the webroot directory I had set was incorrect.
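One way to test that suspicion before running --issue, as an added example that is not part of the original post or of acme.sh: it writes a random probe file under <webroot>/.well-known/acme-challenge/ (the path HTTP validation fetches) and requests it over HTTP. The name check_webroot and the probe file naming are assumptions of this example.

```python
# Added example (not acme.sh code): confirm that a webroot directory is what
# the web server serves at http://<domain>/.well-known/acme-challenge/.
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def check_webroot(webroot, base_url, timeout=5):
    """Write a probe file under webroot, fetch it via base_url, return (ok, detail)."""
    if not os.path.isdir(webroot):
        return False, f"webroot {webroot!r} is not a directory"
    name = "probe-" + secrets.token_hex(8)   # constructed probe file name
    body = secrets.token_hex(16)             # random content to compare against
    directory = os.path.join(webroot, CHALLENGE_DIR)
    path = os.path.join(directory, name)
    try:
        os.makedirs(directory, exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    except OSError as exc:
        return False, f"cannot write probe file: {exc}"
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return False, f"{url} returned HTTP {exc.code}: wrong webroot or blocked path"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"{url} not reachable: {exc}"
    finally:
        os.remove(path)                      # never leave the probe file behind
    if served != body:
        return False, f"{url} served different content (rewrite rule or other vhost?)"
    return True, f"{url} is served from {webroot}"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_webroot.py WEBROOT BASE_URL")
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it on the web server itself, for example with /home/wwwroot/mydomain.com/ and http://mydomain.com as arguments; an HTTP 404 result means the directory passed to --webroot is not the one the server serves for that domain.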

Then I used nginx again:

acme.sh  --issue  -d example.com  --nginx /etc/nginx/nginx.conf

It still did not succeed and kept reporting another validation error. I was stuck here for hours.

In desperation, I switched to a third method:

acme.sh  --issue -d mydomain.com   --standalone

This time it was a success.

When using this method, make sure ports 80 and 443 are not in use (I stop nginx while I use it).

Once the certificate is generated, you can find the generated certificate file under the ~/.acme.sh/mydomain.com directory.

Installing the HTTPS certificate in nginx

If you don’t have the SSL module installed on your nginx, you will need to install it first, and you can refer to this article.

Copy the two certificate files shown in the following figure into the directory nginx uses for SSL certificates (the location depends on your installation). Then configure the certificate in nginx.conf as shown in the following figure:

After the configuration is complete, restart nginx. Visit the website and you will find that its address is now prefixed with HTTPS.

Finally

acme.sh obtains the certificate from Let's Encrypt. Certificates issued by Let's Encrypt are free, but the validity period is only 2 months. Alternatively, you can write your own scheduled task to manage renewal.