nrserver也安装acme。更新acme的readme.md
This commit is contained in:
Dennis Mo
@@ -50,6 +50,8 @@
|
|||||||
|
|
||||||
1. 复制证书:
|
1. 复制证书:
|
||||||
|
|
||||||
|
场景1:
|
||||||
|
|
||||||
mkdir -p /srv/certbot/conf/live/dev.woyue.org
|
mkdir -p /srv/certbot/conf/live/dev.woyue.org
|
||||||
|
|
||||||
acme.sh --installcert -d dev.woyue.org -d *.dev.woyue.org \
|
acme.sh --installcert -d dev.woyue.org -d *.dev.woyue.org \
|
||||||
@@ -57,8 +59,25 @@
|
|||||||
--fullchain-file /srv/certbot/conf/live/dev.woyue.org/fullchain.pem \
|
--fullchain-file /srv/certbot/conf/live/dev.woyue.org/fullchain.pem \
|
||||||
--reloadcmd "docker restart nginxdocker_nginx_1"
|
--reloadcmd "docker restart nginxdocker_nginx_1"
|
||||||
|
|
||||||
|
场景2:
|
||||||
|
|
||||||
|
mkdir -p /srv/certbot/conf/live/nr.woyue.org
|
||||||
|
|
||||||
|
acme.sh --installcert -d nr.woyue.org -d *.nr.woyue.org \
|
||||||
|
--key-file /srv/certbot/conf/live/nr.woyue.org/privkey.pem \
|
||||||
|
--fullchain-file /srv/certbot/conf/live/nr.woyue.org/fullchain.pem \
|
||||||
|
--reloadcmd "docker restart nginx"
|
||||||
|
|
||||||
注意,最后的nginxdocker_nginx_1为nginx容器的名称。请根据实际情况修改。**或不加此参数,手动重启nginx**。
|
注意,最后的nginxdocker_nginx_1为nginx容器的名称。请根据实际情况修改。**或不加此参数,手动重启nginx**。
|
||||||
|
|
||||||
2. 生成:dhparams文件
|
2. 生成:dhparams文件
|
||||||
|
|
||||||
openssl dhparam -out /srv/certbot/conf/ssl-dhparams.pem 2048
|
openssl dhparam -out /srv/certbot/conf/ssl-dhparams.pem 2048
|
||||||
|
|
||||||
|
## 使用证书
|
||||||
|
|
||||||
|
例如,要使用上述证书,则nginx的docker对应etc/letsencrypt的目录就是/srv/certbot/conf。比如说,conf文件里引用的密钥文件路径为:
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/nr.woyue.org/fullchain.pem
|
||||||
|
|
||||||
|
那么,docker mount的路径就应该是:-v /srv/certbot/conf:/etc/letsencrypt
|
||||||
Reference in New Issue
Block a user