How to configure a free SSL/TLS certificate for a website?

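These days, business requirements involving payments and promotion all need the site to support HTTPS. There are plenty of paid SSL certificates you can buy. Is there a free way to set it up? Of course.

Recommended from hands-on experience: Let's Encrypt

The screenshot above is of the official site. If you are not comfortable with English, there is a language option in the top right corner; Chinese is supported.

Step 1

Sign-up / login page: Register / Log in. No phone number verification is required, only email verification. That suits people who would rather not hand over a phone number, like me, haha.

Step 2

Enter the domain name you want a certificate for.

Step 3

Verify ownership of the domain to prove that it is yours. There are two ways:

  • http: serve the specified token string in response to an HTTP request
  • dns: verify by adding a DNS record with the given prefix

Download and deploy the certificate

The download is a zip archive containing the certificate files. After extraction the files are as follows:

nginx configuration

The nginx configuration I used when deploying a Laravel project: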

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf; 
    ssl_certificate "/path/to/fullchain.crt"; 
    ssl_certificate_key "/path/to/private/private.pem";

  server {
    listen 80;
    listen 443 ssl http2;
    server_name yourdomain.com;
    root /home/yourdomain.com/public;

    ssl_certificate "/etc/pki/nginx/fullchain.crt"; 
    ssl_certificate_key "/etc/pki/nginx/private/private.pem";
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        #  fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
  }
}
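The configuration above serves the site on port 80 and port 443 from one server block and still enables TLSv1.1. The following is an added example, not the author's configuration, showing a stricter variant with a separate port 80 server that only answers the http validation request and redirects everything else. The directory /var/www/acme is an assumption; the domain and certificate paths are the page's placeholders.

```nginx
# Added example, not the author's configuration; place inside http { }.
# yourdomain.com and the certificate paths are the page's placeholders;
# /var/www/acme is a hypothetical directory holding the validation tokens.
server {
    listen 80;
    server_name yourdomain.com;

    # "http" validation: the CA fetches the token over plain HTTP.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }
    # Everything else is sent to HTTPS, so no page is served in cleartext.
    location / { return 301 https://yourdomain.com$request_uri; }
}

server {
    listen 443 ssl http2;
    server_name yourdomain.com;
    root /home/yourdomain.com/public;
    index index.php;

    ssl_certificate     "/etc/pki/nginx/fullchain.crt";
    ssl_certificate_key "/etc/pki/nginx/private/private.pem";  # keep readable by root only

    # Page's setting: ssl_protocols TLSv1.1 TLSv1.2;  (TLSv1.1 is deprecated, RFC 8996)
    ssl_protocols TLSv1.2 TLSv1.3;  # TLSv1.3 needs nginx 1.13.0+ and OpenSSL 1.1.1+
    # Page's setting adds HIGH, which also admits CBC and static-RSA suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # HSTS: browsers refuse plain HTTP for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;

    location / { try_files $uri $uri/ /index.php?$query_string; }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* { deny all; }
}
```

Run `nginx -t` to check the syntax before restarting.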

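Restart nginx

The site can now be reached over HTTPS. I have skipped some of the intermediate steps; leave a comment if anything is unclear.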