使用 lego生成 Let's Encrypt 证书
1. 工具
lego --email="foo@bar.com" --domains="example.com" run
lego --email="foo@bar.com" --domains="example.com" renew按照时间生成证书
lego --email="foo@bar.com" --domains="example.com" renew --days 30
lego --email="foo@bar.com" --domains="yunmarket.info" run
server {
listen 443 ssl http2;
server_name localhost;
root /usr/share/nginx/html;
ssl_certificate /opt/mycert/yunmarket.info.crt;
ssl_certificate_key /opt/mycert/yunmarket.info.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH';
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
}