重影
您好!
我已经试着用我的领域幽灵一段时间了!我从来都不知道Let's Encrypt Rate Limit,所以我反复安装和卸载,直到我无法从Let's Encryption获得另一个SSL,才把事情搞砸了!
我目前正在尝试重新安装并真正使用它,但Let's Encrypt不会再给我颁发SSL证书。我已经等了好几天了,他们还是不给我!
我设法从ZeroSSL手动获得了SSL证书,但由于我不熟悉Nginx和SSL证书,无法安装它!!
我尝试手动安装acme.sh,并将默认服务器设置为ZeroSSL,但每当我运行ghost setup SSL时,它仍然使用Let's Encrypt!
我想在/etc/nginx/sites-enabled中手动创建一个类似steptzi.com.ng.conf的配置文件,并链接我手动获得的配置文件!!
请这里的任何人向我解释如何使用ZeroSSL或acme.sh 为我的域的WWW和非WWW版本配置SSL证书
重影config.production.json:
{
"url": "https://steptzi.com.ng",
"server": {
"port": 2368,
"host": "127.0.0.1"
},
"database": {
"client": "mysql",
"connection": {
"host": "localhost",
"user": "ghost-39",
"password": "3qQ&7"lA:Oo^,OanH:MH",
"database": "ghost_prod"
}
},
"mail": {
"transport": "Direct"
},
"logging": {
"transports": [
"file",
"stdout"
]
},
"process": "systemd",
"paths": {
"contentPath": "/var/www/ghost/content"
}
}
steptzi.com.ng.conf
server {
listen 80;
listen [::]:80;
server_name steptzi.com.ng;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
好吧,我想明白了!!
步骤:
- 转到https://zerossl.com获取新的SSL
- 下载NGINX格式的SSL
下载证书后,您应该有一个包含以下证书文件的ZIP:
certificate.crt
ca_bundle.crt
private.key
- 可以通过FileZilla解压缩SSL文件并将其上传到服务器
- NGINX要求合并所有.crt文件以允许SSL安装。您需要运行以下命令来合并certificate.crt和ca_bundle.crt文件。
cat certificate.crt ca_bundle.crt >> certificate.crt - 将
certificate.crt和private.key移动到/etc/ssl-sudo mv certificate.crt /etc/ssl和sudo mv private.key /etc/ssl - 在
/etc/nginx/sites-enabled/your-domain.com.conf编辑配置文件
在
listen [::]:80;行之后立即添加
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certificate.crt;
ssl_certificate_key /etc/ssl/private.key;
您的代码现在应该与此类似:
server {
listen 80;
listen [::]:80;
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certificate.crt;
ssl_certificate_key /etc/ssl/private.key;
server_name your-domain.com.ng;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
- 重新启动服务器
sudo /etc/init.d/nginx restart
- 完成