SSL证书
生成自签名证书
方式一
https://github.com/FiloSottile/mkcert
curl -L -o /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64chmod +x /usr/local/bin/mkcertmkcert -installmkcert gaojinbo.com "*.gaojinbo.com" localhost 127.0.0.1 ::1mkcert -CAROOT
方式二
https://github.com/soulteary/certs-maker/blob/main/README_CN.md
docker run --rm -it -v /opt/ssl:/ssl docker.gaojinbo.com/soulteary/certs-maker:v3.6.1 \"--CERT_DNS=gaojinbo.com,*.gaojinbo.com,*.data.gaojinbo.com,192.168.21.195,127.0.0.1"
生成公网泛域名证书
需要先将域名解析到服务器IP
方式一
https://certbot.eff.org/instructions?ws=nginx&os=snap
#基于nginx自动申请和续期sudo snap install --classic certbotsudo ln -s /snap/bin/certbot /usr/bin/certbotsudo certbot --nginxsudo certbot certonly --nginxsudo certbot renew --dry-run
方式二
https://github.com/acmesh-official/acme.sh
#安装curl https://get.acme.sh | sh -s email=my@example.comwget -O - https://get.acme.sh | sh -s email=my@example.comexit
#生成#使用独立服务模式,先解析v1 A记录到服务器#服务器上没有运行任何 Web 服务,80 端口是空闲acme.sh/acme.sh --issue --standalone -d v1.gaojinbo.com