狗爹 https
-
先购买ssl服务 (首年有赠送)
-
生成服务器的 CSR 文件
用 root 权限进入服务器,输入:
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain_.key -out your_domain_.csr
(必须是 2048 ,Godaddy 规定如此)
按照要求填写正确的信息(Godaddy 帮助页面有相关帮助:http://help.godaddy.com/topic/746/article/5269)
依次输入信息如下:
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:love
Organizational Unit Name (eg, section) []:lovet
Common Name (eg, your name or your server's hostname) []:love
Email Address []:Beijing
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:love.com
An optional company name []:love
- 将crt全部内容,填写到 SSL request area .
图片.png
提交变更。
- 查看邮件,等邮件通知证书完成,去网站下载证书,
如果是nginx,需要选择other:这块下载一个.zip文件
图片.png
- 创建ssl目录
mkdir /etc/nginx/ssl
将刚才生成的key文件复制到ssl目录里面
cp your_domain_.key /etc/nginx/ssl/
5.将下载的zip解压复制到ssl目录里面
参考:https://sg.godaddy.com/help/nginx-on-centos-7-install-a-certificate-27192
生成新的csr
cat f84e19a2f44c6386.crt gd_bundle-g2-g1.crt >> your_domain_.crt
- 修改nginx的配置文件
server {
listen 80;
server_name coolexample.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name coolexample.com;
ssl_certificate /etc/nginx/ssl/coolexample.crt;
ssl_certificate_key /etc/nginx/ssl/coolexample.key;
root /usr/share/nginx/coolexample.com/;
index index.php index.html index.htm;
}
- nginx -t 检查是否有错误
nginx -s reload 即可
