Install certbot-auto
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help
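Request your own SSL certificate with a single command. Note that partway through you will need to publish a DNS TXT record value for the domain.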
./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "yourdomain.com" --manual --preferred-challenges dns-01 certonly
After validation completes, add the following to the nginx virtual host configuration file for the site:
listen 443 ssl;
server_name yourdomain.com;
ssl_certificate /certs/yourdomain.com/fullchain1.pem;
ssl_certificate_key /certs/yourdomain.com/privkey1.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
Restart the proxy container: docker restart proxy
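An added example, not part of the original notes: a shell check that reads the ssl_protocols and ssl_ciphers directives from an nginx config file and flags deprecated protocol versions and weak cipher terms, such as the TLSv1.1, RSA+ and 3DES entries in the configuration above. The function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak TLS settings in an
# nginx server block before the proxy container is restarted.

# Print the arguments of directive $1 in file $2 (name and ';' stripped).
directive_args() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == name { sub(/;[ \t]*$/, ""); $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Print one finding per line for config file $1.
tls_findings() {
    for proto in $(directive_args ssl_protocols "$1"); do
        case "$proto" in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "protocol $proto is deprecated" ;;
        esac
    done
    directive_args ssl_ciphers "$1" | tr ':' '\n' | while read -r term; do
        case "$term" in
            ''|'!'*|-*) ;;                      # empty terms and exclusions
            *3DES*|*RC4*|*MD5*|*NULL*|*EXP*)
                echo "cipher term $term enables a weak algorithm" ;;
            RSA|RSA+*|kRSA*)
                echo "cipher term $term admits static-RSA key exchange (no forward secrecy)" ;;
        esac
    done
}

# Exit status 0 when the file is clean, 1 when there are findings.
audit_tls_conf() {
    findings=$(tls_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the ssl_protocols and ssl_ciphers lines shown above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
EOF
audit_tls_conf "$sample" || echo "fix the findings above before: docker restart proxy"
```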