====== HTTPS证书配置 ======
0. 安装acme.sh
# Fetches the acme.sh installer and pipes it straight into sh, so the script
# runs without being read first. To review it, save the download to a file,
# inspect it, then run that file with the same email=... argument.
curl https://get.acme.sh | sh -s email=uncle-lu@outlook.com
1. 申请证书
# Requests a certificate for uncle-lu.org using acme.sh's nginx mode, which
# edits the running nginx configuration for domain validation and is expected
# to restore it afterwards; check the config with `nginx -t` once it finishes.
acme.sh --issue -d uncle-lu.org --nginx
2. 创建nginx证书存放目录
# Directory that will hold the certificate chain and the private key.
# NOTE(review): created with default permissions; after step 4, confirm that
# the key file in it is readable only by root.
mkdir -p /etc/nginx/ssl/uncle-lu.org
3. nginx配置文件(写入站点的server块;证书文件在第4步安装后才存在,先完成第4步再重载nginx)
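# TLS listener settings; these directives go inside the site's server { } block.
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Certificate and key paths must match the --fullchain-file / --key-file
# targets passed to `acme.sh --install-cert` (the uncle-lu.org directory);
# a path pointing at another directory makes nginx fail to load the files.
ssl_certificate "/etc/nginx/ssl/uncle-lu.org/fullchain.cer";
ssl_certificate_key "/etc/nginx/ssl/uncle-lu.org/uncle-lu.org.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
# No ssl_protocols line is set, so the accepted protocol versions are whatever
# this nginx build defaults to; consider pinning them explicitly
# (for example TLSv1.2 and TLSv1.3) so an upgrade or downgrade cannot change them.
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;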
4. acme.sh安装证书(复制到nginx证书目录)
# Copies the issued private key and full chain into the nginx directory and
# registers the reload command. acme.sh stores these settings and repeats the
# copy and reload on renewal, so nginx should reference these installed paths.
# NOTE(review): confirm the reload command works non-interactively on this host.
acme.sh --install-cert -d uncle-lu.org \
--key-file /etc/nginx/ssl/uncle-lu.org/uncle-lu.org.key \
--fullchain-file /etc/nginx/ssl/uncle-lu.org/fullchain.cer \
--reloadcmd "service nginx force-reload"