
Free SSL Certs

matveynator edited this page May 21, 2024 · 15 revisions

semi-automatic script:

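# Semi-automatic certbot -> acme.sh migration helper (installed and run as root).
# Download to a temporary file first: with "-f" and "&&", an HTTP error or a
# failed transfer stops the chain instead of being installed as the script.
# NOTE(review): git.io is a redirecting short link, so the content served is
# not pinned; read the installed file before running it as root.
tmp_script=$(mktemp) &&
  curl -fsSL 'https://git.io/JaXBn' -o "$tmp_script" &&
  install -m 0755 "$tmp_script" /usr/local/bin/certbot-to-acme.sh
rm -f -- "$tmp_script"

# After reviewing /usr/local/bin/certbot-to-acme.sh, run it:
/usr/local/bin/certbot-to-acme.sh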

manual:

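# Install acme.sh. The installer is saved to a file rather than piped into sh,
# so a failed or truncated download is never executed and the script can be
# inspected before it runs as root.
installer=$(mktemp) &&
  curl -fsSL https://get.acme.sh -o "$installer" &&
  sh "$installer"
rm -f -- "$installer"

# Use Let's Encrypt as the default CA.
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

# Register the ACME account.
# Placeholder address: the one on the page was replaced by e-mail obfuscation
# ("[email protected]"), which the shell would split into two arguments.
/root/.acme.sh/acme.sh --register-account -m 'admin@example.com'

# Issue the certificate in webroot mode; /var/www/html must be the directory
# the web server serves /.well-known from.
/root/.acme.sh/acme.sh -w /var/www/html --issue -d domain.com -d www.domain.com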

Wildcard acme.sh SSL cert via Hetzner DNS:

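# Wildcard certificate through Hetzner DNS, using the helper script from the
# sysadminscripts repository.
# "-f" plus "&&" keeps an HTTP error page or failed download from being
# installed; "sudo install" also works when the calling shell is not root
# (a plain "> /usr/local/bin/..." redirect would fail there).
# NOTE(review): the URL follows the "main" branch, so its content can change
# between runs; review the installed file before executing it with sudo.
tmp_script=$(mktemp) &&
  curl -fsSL 'https://raw.githubusercontent.com/matveynator/sysadminscripts/main/acme.sh-wildcard-hetzner-dns' -o "$tmp_script" &&
  sudo install -m 0755 "$tmp_script" /usr/local/bin/acme.sh-wildcard-hetzner-dns
rm -f -- "$tmp_script"

# After reviewing /usr/local/bin/acme.sh-wildcard-hetzner-dns, run it:
sudo /usr/local/bin/acme.sh-wildcard-hetzner-dns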

WILDCARD *.domain.com manual via DNS

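# Manual wildcard issuance with the DNS-01 challenge via the Hetzner DNS API.
# "HETZNERTOKEN" is a placeholder for a real API token. A token typed inline
# ends up in shell history.
# NOTE(review): acme.sh keeps DNS API credentials in its account.conf for
# later renewals; confirm that file is readable by root only.
export HETZNER_Token="HETZNERTOKEN"

# The wildcard name is quoted so the shell cannot expand "*" against files in
# the current directory before acme.sh sees it.
/root/.acme.sh/acme.sh --issue --dns dns_hetzner -d domain.com -d '*.domain.com'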

#acme.sh crontab /etc/acme nginx reload via (--renew-hook)

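# cron runs entries with /bin/sh. Where that is not bash (e.g. dash), "&>" is
# not a redirection: it backgrounds the command and truncates the file, so the
# portable ">/dev/null 2>&1" form is used instead.
# NOTE(review): discarding all output also hides renewal failures; logging to
# a file is easier to monitor. The reload below runs every night whether or
# not anything was renewed; acme.sh's --renew-hook can tie it to a renewal.
0 1 * * * /root/.acme.sh/acme.sh --renew-all >/dev/null 2>&1
0 2 * * * /etc/init.d/nginx reload >/dev/null 2>&1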

#show old certificates:

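# Print the domains of the existing certbot certificates as a ready-made
# " -d name" argument list for acme.sh (no trailing newline).
# awk splits the "Domains:" lines itself, so the names never pass through
# shell word splitting and a wildcard entry such as *.domain.com cannot be
# expanded against files in the current directory.
certbot-auto certificates 2>/dev/null |
  awk -F'Domains:' '/Domains:/ { n = split($2, names, " "); for (i = 1; i <= n; i++) printf " -d %s", names[i] }'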

#add to the nginx config:

        # Serve ACME validation files from the webroot passed to acme.sh (-w /var/www/html).
        # NOTE(review): the prefix matches everything under /.well-known, not only
        # the acme-challenge directory; confirm nothing else is stored there.
        location /.well-known {
                root /var/www/html;
        }

#or in Apache:

# Map /.well-known onto the directory under the acme.sh webroot (-w /var/www/html).
Alias "/.well-known" "/var/www/html/.well-known"

#example of a valid config:

# Plain-HTTP virtual host: serves /.well-known for ACME validation and
# redirects every other request to HTTPS.
server {
        listen *:80;
        server_name domain.com;
        
        # Files come from the acme.sh webroot (-w /var/www/html).
        # NOTE(review): the prefix covers everything under /.well-known over
        # plain HTTP, not only the acme-challenge directory.
        location /.well-known {
                root /var/www/html;
        }
        
        # NOTE(review): $host is taken from the request; if this block can act
        # as the default server for port 80, $server_name is a stricter target.
        location / {
                 return 301 https://$host$request_uri;
        }
}

# HTTPS virtual host serving static files from /var/www/domain.com.
server {
        server_name domain.com;
        listen *:443 ssl;
        # NOTE(review): these paths point into acme.sh's own working directory.
        # acme.sh's documentation asks not to use those files directly (the
        # layout is internal and may change); its --install-cert command copies
        # the certificate and key to a stable location instead.
        ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
        ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;

        location / {
                root /var/www/domain.com;
        }
}
# Plain-HTTP virtual host for the reverse-proxy example: serves /.well-known
# for ACME validation and redirects every other request to HTTPS.
server {
	listen *:80;
	server_name domain.com;

	# Files come from the acme.sh webroot (-w /var/www/html).
	# NOTE(review): the prefix covers everything under /.well-known over
	# plain HTTP, not only the acme-challenge directory.
	location /.well-known {
		root /var/www/html;
	}

	location / {
		return 301 https://$host$request_uri;
	}
}

# HTTPS virtual host that terminates TLS and proxies all requests to a backend.
server {
	server_name domain.com;
	listen *:443 ssl;
	# NOTE(review): these paths point into acme.sh's own working directory.
	# acme.sh's documentation asks not to use those files directly; its
	# --install-cert command copies them to a stable location instead.
	ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
	ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;

	# Raise the maximum request body size to 1 GB.
	# NOTE(review): this lets any client upload up to 1 GB per request; keep
	# it only if the backend needs uploads that large.
	client_max_body_size 1G;

	location / {
		# "IP" is a placeholder for the backend address. Traffic to it is
		# plain HTTP, so the backend should sit on a trusted network.
		proxy_pass http://IP;
		# Pass the original host, client address and scheme to the backend.
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		# Set the maximum size of the temporary file used when proxying.
		proxy_max_temp_file_size 1024m;

	}
}