====== HTTPS证书配置 ======

0. 安装acme.sh
<code bash>
curl https://get.acme.sh | sh -s email=uncle-lu@outlook.com
</code>

1. 申请证书
<code bash>
acme.sh --issue -d uncle-lu.org --nginx
</code>

2. 创建nginx证书存放目录
<code bash>
mkdir -p /etc/nginx/ssl/uncle-lu.org
</code>

3. nginx配置文件
<code>
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    ssl_certificate "/etc/nginx/ssl/fiona-rums.net/fullchain.cer";
    ssl_certificate_key "/etc/nginx/ssl/fiona-rums.net/fiona-rums.net.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
</code>

4. acme.h移动证书
<code bash>
acme.sh --install-cert -d uncle-lu.org \
--key-file       /etc/nginx/ssl/uncle-lu.org/uncle-lu.org.key  \
--fullchain-file  /etc/nginx/ssl/uncle-lu.org/fullchain.cer \
--reloadcmd     "service nginx force-reload"
</code>