我有一个NGINX服务器,我试图使用Let的加密来添加SSL。
我的开发设置如下:
url : dev.domain.in
root: /var/www/dev/html
制作如下:
url : domain.in
root: /var/www/production/html
所以在我的nginx默认页面中,我有两个服务器块,一个用于开发,另一个用于生产
我想为两台服务器提供一个证书。
我知道根据Let's Encrypt网站命令如下
cd / opt / letsencrypt ./letsencrypt-auto certonly -a webroot --webroot-path = / usr / share / nginx / html -d example.com -d www.example.com
但是只有当SUBDOMAIN具有相同的webroot时才能做到这一点,在我的情况下这不是真的。
所以我如何在这里添加CERT
请帮帮我
答案 0 :(得分:9)
I use a common webroot across all of my virtual hosts on my nginx box.
/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
-d example.com,www.example.com
... and in nginx I have snippets/letsencrypt.conf
:
location ~ /.well-known {
root /srv/www/letsencrypt;
allow all;
}
... which gets included in my server block for each site.
The files in the .well-known directory are temporary - they only exist for long enough for the authorisation process to complete and are then removed.
Once registration is successful, I then include the certificate definition in the server block via include ssl/example.com.conf;
where that file contains the following:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
... along with the relevant listen directives to enable SSL on port 443.
You can include the same definition in multiple server blocks.
I have additional subdomains as SANs in my certificate as well and I have separate server blocks for example.com
, www.example.com
and also other subdomains like click.example.com
- all using the same certificate.
答案 1 :(得分:1)
让加密webroot方法使用webroot目录中名为“.well-known / acme-challenge”的文件。您可以在开发人员和主服务器上配置位置代码段,以指向另一个仅用于此文件的webroot。
类似的东西:
location /.well-known/acme-challenge {
alias /etc/letsencrypt/webrootauth/.well-known/acme-challenge;
location ~ /.well-known/acme-challenge/(.*) {
add_header Content-Type application/jose+json;
}
}
并将您的webroot指向--webroot-path /etc/letsencrypt/webrootauth
这discussion可以提供帮助
或者你可以使用独立方法并手工完成一些工作。