The preparatory work

First of all, you need to have your own domain name. For example, the domain name I want to apply for is cors.happyjava.cn.

To apply for the certificate

Go to freessl.cn, fill in the domain name and click “create a freessl certificate”.

You will then be prompted to enter your email address and to select the certificate type, the verification type, and so on.

The certificate type selects between two different encryption algorithms. Choose one based on your requirements.

Verification type:

  • DNS: verification is done by adding a DNS record for the domain (recommended)
  • File authentication: upload a file to your server for verification (this depends on your situation; many people may not have a server and simply want to apply for an HTTPS certificate)

CSR generation method: offline generation and one-click application require downloading a piece of software, so I didn't try them. Browser generation is the fastest, but the public and private keys are not generated by you, so their security may not be guaranteed. To upload a CSR (certificate signing request) file, you need to generate a public/private key pair locally and create the request file from it. For details, search the OpenSSL documentation.

For convenience I chose the browser generation method. If the private key must stay private, apply by uploading a CSR file instead.
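The upload-a-CSR route described above, as an added example that is not part of the original post: the key pair and the request file are created locally with OpenSSL, and the request is checked before upload. The file names, the RSA 2048 key type and the helper function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): create the key pair and CSR
# locally, so only the CSR is uploaded and the private key stays with you.
# Assumptions: OpenSSL 1.1.1+, RSA 2048, file names private.key/request.csr.

DOMAIN="cors.happyjava.cn"   # the domain used on this page

# make_csr <dir>: write <dir>/private.key (owner-only) and <dir>/request.csr
make_csr() {
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1/private.key" 2>/dev/null ) || return 1
    openssl req -new -key "$1/private.key" \
        -subj "/CN=$DOMAIN" -addext "subjectAltName=DNS:$DOMAIN" \
        -out "$1/request.csr"
}

# pubkey_hash <key|csr|cert> <file>: SHA-256 of the public key in the file.
# Equal hashes mean the files belong to the same key pair.
pubkey_hash() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    return 2 ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# check_pair <key> <csr|cert> <file>: succeed only if <file> carries <key>'s public half
check_pair() {
    k=$(pubkey_hash key "$1") && o=$(pubkey_hash "$2" "$3") && [ "$k" = "$o" ]
}

# csr_ok <csr>: the CSR's self-signature verifies and its subject names $DOMAIN
csr_ok() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 &&
    openssl req -in "$1" -noout -subject | grep -qF "$DOMAIN"
}

# Usage: sh make_csr.sh run <dir>
if [ "${1:-}" = "run" ]; then
    make_csr "${2:-.}" && csr_ok "${2:-.}/request.csr" &&
        echo "upload ${2:-.}/request.csr; keep ${2:-.}/private.key local"
fi
```

Once the certificate has been issued, `check_pair private.key cert full_chain.pem` confirms that it matches the local key before nginx is pointed at both files.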

Click Next to download a private key file and follow the instructions for DNS verification.

After the authentication succeeds, the system generates related files (including the root certificate, certificate, and private key) and downloads them to the local PC.

Configure SSL

Add the following configuration to nginx:

server {
        # Serve HTTPS for the domain the certificate was issued to
        listen       443 ssl;
        server_name  cors.happyjava.cn;
        root         /usr/share/nginx/html;

        # Certificate chain and matching private key downloaded earlier
        ssl_certificate "/root/app/cors/full_chain.pem";
        ssl_certificate_key "/root/app/cors/private.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        # Exclude unauthenticated (aNULL) and MD5-based cipher suites
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
}

Open the site in a browser to check that it works normally.