SSL Certificates

Generate a self-signed certificate

Method 1

https://github.com/FiloSottile/mkcert

curl -L -o /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
chmod +x /usr/local/bin/mkcert
mkcert -install
mkcert gaojinbo.com "*.gaojinbo.com" localhost 127.0.0.1 ::1
mkcert -CAROOT

Method 2

https://github.com/soulteary/certs-maker/blob/main/README_CN.md

docker run --rm -it -v /opt/ssl:/ssl docker.gaojinbo.com/soulteary/certs-maker:v3.6.1 \
"--CERT_DNS=gaojinbo.com,*.gaojinbo.com,*.data.gaojinbo.com,192.168.21.195,127.0.0.1"
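
A wildcard SAN entry covers exactly one left-most DNS label, which is why the command above lists *.data.gaojinbo.com in addition to *.gaojinbo.com. The following POSIX shell check is an added example, not part of the original page or of mkcert/certs-maker; the helper name san_covers and the tested hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a hostname is covered by a SAN list.
# A "*." entry matches exactly one left-most label; every other entry,
# including IP addresses, must match exactly.

# SAN list taken from the certs-maker command above.
SANS="gaojinbo.com,*.gaojinbo.com,*.data.gaojinbo.com,192.168.21.195,127.0.0.1"

# san_covers HOST SAN_LIST -> returns 0 if covered, 1 otherwise (hypothetical helper)
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    first=${host%%.*}          # left-most label of the host
    rest=${host#*.}            # host with the left-most label removed
    if [ "$rest" = "$host" ]; then rest=""; fi   # host contains no dot
    old_ifs=$IFS
    IFS=,
    set -f                     # keep "*" in SAN entries from globbing
    for san in $2; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case $san in
            '*.'*)
                # Wildcard: the part after "*." must equal the host minus one label.
                if [ -n "$first" ] && [ -n "$rest" ] && [ "${san#\*.}" = "$rest" ]; then
                    IFS=$old_ifs; set +f; return 0
                fi ;;
            *)
                if [ "$san" = "$host" ]; then
                    IFS=$old_ifs; set +f; return 0
                fi ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Constructed hostnames to test against the list.
for h in gaojinbo.com www.gaojinbo.com api.data.gaojinbo.com \
         a.b.data.gaojinbo.com 192.168.21.196; do
    if san_covers "$h" "$SANS"; then echo "$h: covered"; else echo "$h: NOT covered"; fi
done
```

Names two levels below a wildcard (a.b.data.gaojinbo.com here) and IP addresses that are not listed literally are reported as not covered, so each extra subdomain level or address needs its own SAN entry.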

Generate a public wildcard-domain certificate

The domain name must first be resolved to the server's IP address.

Method 1

https://certbot.eff.org/instructions?ws=nginx&os=snap

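# Automatic issuance and renewal based on nginx
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Obtain a certificate and let certbot edit the nginx configuration
sudo certbot --nginx
# Or obtain the certificate only, leaving the nginx configuration unchanged
sudo certbot certonly --nginx
# Test automatic renewal
sudo certbot renew --dry-run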

Method 2

https://github.com/acmesh-official/acme.sh

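# Install (use either curl or wget)
curl https://get.acme.sh | sh -s email=my@example.com
wget -O - https://get.acme.sh | sh -s email=my@example.com
# Close the current shell and open a new one so the installation takes effect
exit
# Issue
# Use standalone mode; first point the v1 A record at the server
# No web service is running on the server, and port 80 is free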
acme.sh/acme.sh --issue --standalone -d v1.gaojinbo.com