1、freessl证书申请
(freessl证书)[https://freessl.cn/] 现在降级了,只能免费使用3个月,
点击立即申请,选择“浏览器生成”,填写“证书域名”,验证方式“DNS”,加密算法:“RSA”
证书域名填写你需要配合的域名后点击提交
记住“主机记录”,“记录类型”,“记录值”
以阿里云为例
在此处填写“主机记录”,“记录类型”,“记录值”
然后等待几分钟~几个小时,等待生效
点击“证书”,下载证书,其中应该包含:“full_chain.pem”、“private.key” 两个文件
以nginx为例:
一、对于非80端口:
server {
listen 4000 ssl;
index index.html index.htm index.nginx-debian.html;
server_name 【你的域名】;
ssl_certificate /etc/nginx/cers/full_chain.pem;
ssl_certificate_key /etc/nginx/cers/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;';
ssl_prefer_server_ciphers on;
error_page 497 301 https://$http_host$request_uri;
charset utf-8;
root /usr/share/nginx/html;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
}二、对于80端口:
server {
listen 443 ssl;
listen 80;
index index.html index.htm index.nginx-debian.html;
server_name 【你的域名】;
ssl_certificate /etc/nginx/cers/full_chain.pem;
ssl_certificate_key /etc/nginx/cers/private.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;';
ssl_prefer_server_ciphers on;
error_page 497 301 https://$http_host$request_uri;
charset utf-8;
root /usr/share/nginx/html;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
}这样即可将https证书部署完毕了。