使用 acme.sh 申请 Let’ s Encrypt  SSL 证书

# 首先域名可以正常访问
# 申请证书的域名：contract.grayvip.com
# /www/wwwroot/contract/public/ 站点访问目录
curl https://get.acme.sh | sh
source ~/.bashrc
acme.sh --issue -d contract.grayvip.com -w /www/wwwroot/contract/public/
# 生成 key 和 pem
acme.sh --installcert -d contract.grayvip.com --keypath /root/contract.grayvip.com.key --fullchainpath /root/contract.grayvip.com.pem --reloadcmd "nginx reload"

#SSL-START SSL相关配置
ssl_certificate /root/contract.grayvip.com.pem;
ssl_certificate_key /root/contract.grayvip.com.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
#SSL-END
# 计划任务续签
0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
# 测试计划任务
acme.sh --cron -f