{"id":217,"date":"2025-11-09T15:25:51","date_gmt":"2025-11-09T07:25:51","guid":{"rendered":"\/\/hqidi.com\/?p=217"},"modified":"2025-11-09T15:25:51","modified_gmt":"2025-11-09T07:25:51","slug":"%e7%ae%80%e5%8d%95%e5%ae%9e%e7%8e%b0nginx%e5%8e%9f%e7%94%9f%e5%85%a8%e8%87%aa%e5%8a%a8%e7%bb%b4%e6%8a%a4ssl%e8%af%81%e4%b9%a6-ngx_http_acme_module","status":"publish","type":"post","link":"https:\/\/hqidi.com\/217.html","title":{"rendered":"\u7b80\u5355\u5b9e\u73b0nginx\u539f\u751f\u5168\u81ea\u52a8\u7ef4\u62a4SSL\u8bc1\u4e66 ngx_http_acme_module"},"content":{"rendered":"<p>\u4f7f\u7528 ngx_http_acme_module \u7ef4\u62a4\u8bc1\u4e66\u7684\u597d\u5904<\/p>\n<p>\u27a4 \u4e0d\u9700\u8981\u53bb\u8bc1\u4e66\u53d1\u884c\u5546\u5904\u7533\u8bf7\u8d26\u53f7\u3001\u5b9e\u540d\u8ba4\u8bc1\u7b49<br \/>\n\u27a4 \u4e0d\u9700\u8981\u624b\u52a8\u6dfb\u52a0DNS\u89e3\u6790\u8bb0\u5f55\uff0c\u5f53\u7136\u81ea\u52a8\u6dfb\u52a0\u4e5f\u4e0d\u9700\u8981<br \/>\n\u27a4 \u4e0d\u9700\u8981 certbot\u3001acme.sh \u7b49\u5916\u90e8\u5de5\u5177<br \/>\n\u27a4 \u4e0d\u9700\u8981\u914d\u7f6e\u5b9a\u65f6\u4efb\u52a1<br \/>\n\u27a4 \u914d\u7f6e\u96c6\u4e2d\u5316\uff1a\u8bc1\u4e66\u7ba1\u7406\u4e0e Nginx \u914d\u7f6e\u5728\u540c\u4e00\u4e2a\u6587\u4ef6\u4e2d<\/p>\n<p>nginx\u539f\u751f\u652f\u6301ACME\u5df2\u7ecf\u51fa\u6765\u4e00\u6bb5\u65f6\u95f4\u4e86\uff0c\u7f51\u4e0a\u7684\u90e8\u7f72\u65b9\u6cd5\u90fd\u5f88\u590d\u6742\uff0c\u5404\u79cd\u62a5\u9519\uff0cAI \u4e5f\u8fd8\u6ca1\u4eba\u5582\u5b83\u7b80\u5355\u7684\u65b9\u6cd5\uff0c\u7ed9\u51fa\u7684\u65b9\u6848\u4e5f\u662f\u624b\u52a8\u7f16\u8bd1\uff0c\u4f60\u7167\u7740\u6765\u7684\u8bdd\uff0c\u4f1a\u9047\u5230\u5404\u79cd\u62a5\u9519\uff0c\u4e3b\u8981\u662f\u7f51\u7edc\u65b9\u9762\u7684\u95ee\u9898\u3002<br \/>\n\u4eca\u5929\u6211\u6765\u63d0\u4f9b\u4e00\u4e2a\u7b80\u5355\u7684\u65b9\u6cd5\uff0c\u505a\u7b2c\u4e00\u4e2a\u5582 AI 
\u7684\u4eba\uff0c\u4ee5\u540e\uff0c\u7f51\u4e0a\u641c\u7684\u7b80\u5355\u65b9\u6cd5\u90fd\u662f\u57fa\u4e8e\u672c\u6587\u7684\u9884\u5236\u83dc\u3002<br \/>\n\u672c\u6587\u9002\u7528\u4e8e Red Hat \u5bb6\u65cf\u7684\u7cfb\u7edf\uff0c\u5982 CentOS, Oracle Linux, Rocky Linux. \u8fd9\u4e9b\u7cfb\u7edf\u53ef\u4ee5\u76f4\u63a5\u590d\u5236\u672c\u6587\u7684\u547d\u4ee4\u6267\u884c\u3002<br \/>\n(\u5c0f\u5b57\uff1aCentOS 7\u8bd5\u4e86\uff0c\u56e0\u7cfb\u7edf\u7248\u672c\u4f4e\uff0c\u4e0d\u884c)<\/p>\n<h3> nginx \u6dfb\u52a0 acme \u6a21\u5757 <\/h3>\n<p>\u9996\u5148\uff0c\u6253\u5f00 \/etc\/yum.repos.d\/nginx.repo \u5199\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<pre class=\"prettyprint\" >\r\n[nginx-stable]\r\nname=nginx stable repo\r\nbaseurl=http:\/\/nginx.org\/packages\/centos\/$releasever\/$basearch\/\r\ngpgcheck=1\r\nenabled=1\r\ngpgkey=https:\/\/nginx.org\/keys\/nginx_signing.key\r\nmodule_hotfixes=true\r\n\r\n[nginx-mainline]\r\nname=nginx mainline repo\r\nbaseurl=http:\/\/nginx.org\/packages\/mainline\/centos\/$releasever\/$basearch\/\r\ngpgcheck=1\r\nenabled=1\r\ngpgkey=https:\/\/nginx.org\/keys\/nginx_signing.key\r\nmodule_hotfixes=true\r\n<\/pre>\n<p>\u63a5\u7740\uff0c\u76f4\u63a5\u5b89\u88c5<\/p>\n<pre class=\"prettyprint\" >\r\nyum  install nginx nginx-module-acme -y\r\n<\/pre>\n<p><img decoding=\"async\" src=\"\/\/hqidi.com\/img\/217\/1.png\" alt=\"\" \/><\/p>\n<p>\u7136\u540e\uff0c\u624b\u52a8\u65b0\u5efa\u4e00\u4e2a\u6587\u4ef6\u5939(\u6a21\u5757\u4f1a\u5728\u8fd9\u91cc\u4fdd\u5b58 ACME \u8d26\u53f7\u5bc6\u94a5\u3001\u8bc1\u4e66\u548c\u79c1\u94a5\uff0c\u6ce8\u610f\u4e0d\u8981\u8ba9\u5176\u4ed6\u7528\u6237\u8bfb\u53d6)<\/p>\n<pre class=\"prettyprint\" >\r\nmkdir -p \/etc\/nginx\/acme\/letsencrypt\r\n<\/pre>\n<p>\u6700\u540e\uff0c\u6211\u4eec\u6765\u4fee\u6539nginx\u7684\u914d\u7f6e\u6587\u4ef6 \/etc\/nginx\/nginx.conf<\/p>\n<pre class=\"prettyprint\" >\r\nuser  nginx;\r\nworker_processes  auto;\r\n\r\nerror_log  \/var\/log\/nginx\/error.log notice;\r\npid        \/run\/nginx.pid;\r\n\r\nload_module modules\/ngx_http_acme_module.so;\r\n\r\nevents {\r\n    worker_connections  1024;\r\n}\r\n\r\n\r\nhttp {\r\n    include       
\/etc\/nginx\/mime.types;\r\n    default_type  application\/octet-stream;\r\n\r\n    log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\r\n                      '$status $body_bytes_sent \"$http_referer\" '\r\n                      '\"$http_user_agent\" \"$http_x_forwarded_for\"';\r\n\r\n    access_log  \/var\/log\/nginx\/access.log  main;\r\n\r\n    sendfile        on;\r\n    #tcp_nopush     on;\r\n\r\n    keepalive_timeout  65;\r\n\r\n    #gzip  on;\r\n\r\n    resolver 8.8.8.8 223.6.6.6;\r\n    acme_issuer letsencrypt {\r\n        uri         https:\/\/acme-v02.api.letsencrypt.org\/directory;\r\n        contact     mailto:a@b.cc;\r\n        state_path  acme\/letsencrypt;\r\n        accept_terms_of_service;\r\n    }\r\n    acme_shared_zone zone=acme_shared:1M;\r\n\r\n    server {\r\n    listen 443 ssl;\r\n    server_name  hqidi.com;\r\n\r\n    acme_certificate letsencrypt;\r\n\r\n    ssl_certificate       $acme_certificate;\r\n    ssl_certificate_key   $acme_certificate_key;\r\n\r\n    # do not parse the certificate on each request\r\n    ssl_certificate_cache max=2;\r\n}\r\n\r\nserver {\r\n    listen 80;\r\n\r\n    location \/ {\r\n        return 404;\r\n    }\r\n\r\n}\r\n}\r\n\r\n<\/pre>\n<p><img decoding=\"async\" src=\"\/\/hqidi.com\/img\/217\/2.png\" alt=\"\" \/><\/p>\n<p>1\u3001\u5148\u8f7d\u5165acme\u6a21\u5757\uff0c\u4e0d\u7136nginx\u4f1a\u770b\u4e0d\u61c2\u63a5\u4e0b\u6765\u7684\u914d\u7f6e<br \/>\n2\u3001\u6dfb\u52a0\u8fd98\u884c\u5728 http{} \u91cc\u9762\uff0c\u5728 server \u4e0a\u9762<br \/>\n3\u3001\u7533\u660e\u8981\u4f7f\u7528\u521a\u521a\u914d\u7f6e\u5728http{}\u91cc\u9762\u7684 letsencrypt<br \/>\n4\u3001\u8fd9\u91cc\u662f\u4f60\u539f\u672c\u914d\u7f6e\u7684\u8bc1\u4e66\uff0c\u6539\u6210\u52a8\u6001\u53d8\u91cf\u52a0\u8f7d\u6a21\u5f0f<br \/>\n5\u3001\u8be5\u884c\u53ef\u4ee5\u5220\u6389<br \/>\n6\u3001\u82e5\u4f60\u539f\u672c\u914d\u7f6e\u4e86\u76d1\u542c 80 
\u7aef\u53e3\uff0c\u5c31\u4e0d\u7528\u6539\u52a8\uff0c\u53ea\u8981\u76d1\u542c\u4e86 80\u5c31\u884c\uff0c\u4e0d\u7ba1\u914d\u7f6e\u7684\u662f\u5565\uff0c\u82e5\u539f\u672c\u6ca1\u76d1\u542c 80 \u5c31\u7167\u56fe\u4e2d\u914d\u7f6e\u3002\u56e0\u4e3a\u8be5\u6a21\u5757\u9ed8\u8ba4\u5728 80 \u7aef\u53e3\u4e0a\u505a ACME \u7684 HTTP-01 \u8ba4\u8bc1\uff0c\u6240\u4ee5 80 \u7aef\u53e3\u8981\u80fd\u4ece\u5916\u90e8\u7f51\u7edc\u8bbf\u95ee\u3002<\/p>\n<p>\u81f3\u6b64\uff0c\u4f60\u5c31\u641e\u5b9a\u4e86 nginx \u539f\u751f\u5168\u81ea\u52a8\u7ef4\u62a4SSL\u8bc1\u4e66\u4e86\u3002\u76f4\u63a5\u91cd\u542fnginx\uff0c\u7b49\u4e24\u5206\u949f(115s)\uff0c\u5c31\u80fd\u770b\u5230\u7f51\u7ad9\u5df2\u7ecf\u6362\u4e86\u65b0\u8bc1\u4e66\u3002<br \/>\n\u63a5\u4e0b\u6765\u67d0\u4e2a\u6709\u6574\u6570\u5f3a\u8feb\u75c7\u7684\u4eba\u5728\u5c1d\u8bd5\u5f04\u5230\u6574\u70b9\u8bc1\u4e66\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/\/hqidi.com\/img\/217\/3.png\" alt=\"\" \/><\/p>\n<p><img decoding=\"async\" src=\"\/\/hqidi.com\/img\/217\/4.png\" alt=\"\" \/><\/p>\n<p><img decoding=\"async\" src=\"\/\/hqidi.com\/img\/217\/5.png\" alt=\"\" \/><\/p>\n<p>\u603b\u4e4b\uff0c\u4ecenginx\u542f\u52a8\uff0c\u8ddf acme-v02.api.letsencrypt.org \u63e1\u624b\u6210\u529f\uff0c\u7ecf\u5386\u7f51\u7edc\u6ce2\u52a8\uff0c\u6700\u7ec8\u4e0b\u53d1\u8bc1\u4e66\uff0c\u8017\u65f6 115 \u79d2\uff0c\u90a3\u4e48\u60f3\u62ff\u5230\u9881\u53d1\u65f6\u95f4\u662f<br \/>\n19:00:00 \u7684\u8bc1\u4e66\uff0c\u63d0\u524d 115 \u79d2\u542f\u52a8nginx\u5c31\u884c\u5417\uff1f\u4e0d\u884c\uff0c\u56e0\u4e3a\u7f51\u7edc\u6ce2\u52a8\u662f\u4e2a\u968f\u673a\u53d8\u91cf\uff0c\u6709\u7a7a\u62ff\u56fd\u5916\u7684\u673a\u5668\u518d\u8bd5\u8bd5\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4f7f\u7528 ngx_http_acme_module \u7ef4\u62a4\u8bc1\u4e66\u7684\u597d\u5904 \u27a4 \u4e0d\u9700\u8981\u53bb\u8bc1\u4e66\u53d1\u884c\u5546\u5904\u7533\u8bf7\u8d26\u53f7\u3001\u5b9e\u540d\u8ba4\u8bc1\u7b49 \u27a4 \u4e0d\u9700\u8981\u624b\u52a8\u6dfb\u52a0DNS\u89e3\u6790\u8bb0\u5f55\uff0c\u5f53\u7136\u81ea\u52a8\u6dfb\u52a0\u4e5f\u4e0d\u9700\u8981 \u27a4 \u4e0d\u9700\u8981 certbot\u3001acme.sh \u7b49\u5916\u90e8\u5de5\u5177 \u27a4 
\u4e0d\u9700\u8981\u914d\u7f6e\u5b9a\u65f6\u4efb\u52a1 \u27a4 \u914d\u7f6e\u96c6\u4e2d\u5316\uff1a\u8bc1\u4e66\u7ba1\u7406\u4e0e Nginx \u914d\u7f6e\u5728\u540c\u4e00\u4e2a\u6587\u4ef6\u4e2d nginx\u539f\u751f\u652f\u6301ACME\u5df2\u7ecf\u51fa\u6765\u4e00\u6bb5\u65f6\u95f4\u4e86\uff0c\u7f51\u4e0a\u7684\u90e8...<\/p>\n<a class=\"read-more\" href=\"https:\/\/hqidi.com\/217.html\">\u9605\u8bfb\u5168\u6587 &raquo;<\/a>","protected":false},"author":1,"featured_media":3011,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[63],"tags":[],"class_list":["post-217","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/posts\/217"}],"collection":[{"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/comments?post=217"}],"version-history":[{"count":1,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/posts\/217\/revisions"}],"predecessor-version":[{"id":6218,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/posts\/217\/revisions\/6218"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/media\/3011"}],"wp:attachment":[{"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/media?parent=217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/categories?post=217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hqidi.com\/wp-json\/wp\/v2\/tags?post=217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}