- 在服务器或者电脑上安装git
- 拉取仓库
git clone https://github.com/certbot/certbot.git
- 进入certbot目录执行以下命令
./certbot-auto certonly -d zenglbg.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
- 输入邮箱地址
- 阅读服务条款
必须先在DNS供应商的解析模块中添加TXT解析后才能确认:类型为TXT,主机为 _acme-challenge,TXT值为上图圈起来的字符串。通过
dig -t txt _acme-challenge.zenglbg.com @8.8.8.8
查看TXT解析是否生效,圈中的文字与上图圈中的文字相同即可回车。
# docker-compose-yaml
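services:
  nginx:
    build:
      context: ./nginx
    volumes:
      # The certificates are issued on the host; nginx only needs to read them.
      # Mounting read-only keeps a compromised container from altering or
      # replacing the key material on the host.
      # The whole directory is mounted (not just live/) because the files under
      # live/ are symlinks into archive/.
      - /etc/letsencrypt:/etc/letsencrypt:ro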
- 配置nginx.conf
# Plain-HTTP virtual host: serves no content, only redirects to HTTPS.
server {
    server_name zenglbg.com;
    listen 80;

    # The redirect target uses the fixed host name rather than the
    # client-supplied Host header, so the Location value cannot be influenced
    # by the request.
    return 301 https://zenglbg.com$request_uri;
}
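# HTTPS virtual host: terminates TLS with the Let's Encrypt certificate and
# proxies every request to the backend on port 2368.
server {
    listen 443 ssl;
    server_name zenglbg.com;

    # Certificate chain and private key as written by certbot; these paths are
    # only visible inside the container through the /etc/letsencrypt mount.
    ssl_certificate /etc/letsencrypt/live/zenglbg.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zenglbg.com/privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Exclude unauthenticated (aNULL) and MD5-based cipher suites.
    ssl_ciphers HIGH:!aNULL:!MD5;

    access_log /var/log/nginx/ghost.log;
    error_log /var/log/nginx/ghost_error.log;

    location / {
        # Pass the original client address, host and scheme to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;
        # $proxy_add_x_forwarded_for appends to any client-sent X-Forwarded-For,
        # so the backend should trust only the last entry (added by this proxy).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # NOTE(review): if nginx runs in a compose container without host
        # networking, 127.0.0.1 is the container's own loopback. Confirm the
        # backend is reachable at this address.
        proxy_pass http://127.0.0.1:2368;
        proxy_redirect off;
    }
}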