markdown certbot独立多个域#https #tls

Posted 2021-05-06

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了markdown certbot独立多个域#https #tls相关的知识，希望对你有一定的参考价值。


```
certbot certonly --standalone -d dns.de.blahdns.com -d svr5.ookangzheng.com -d doh.de.blahdns.com
```

nginx.conf
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
	worker_connections 1024;
}

http {

server {
listen 443 ssl;
listen [::]:443 ssl;
#rewrite ^(.*) https://$server_name$1 permanent;
server_name doh.de.blahdns.com dns.de.blahdns.com;

ssl on;
    ssl_certificate       /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
    ssl_certificate_key   /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;
    ssl_protocols         TLSv1.2;
    ssl_ciphers           ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_tickets on;
    ssl_session_timeout   4h;
    ssl_stapling on; 
    ssl_stapling_verify on;
    ssl_session_cache shared:SSL:20m;
    proxy_set_header    Host              $host;
    proxy_set_header    X-Real-IP         $remote_addr;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-SSL on;
    proxy_set_header    X-Forwarded-Proto $scheme;

location / {
        return      444;
        }

location /dns-query {
    proxy_pass http://localhost:8053;
        #proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto https;
        include /etc/nginx/proxy_params;
}

}

# server {
#     listen 81 ;
#     listen [::]:81 ;
#     server_name svr5.ookangzheng.com;
#     return 301 https://$host$request_uri;
# }

server {
listen 81 ssl;
listen [::]:81 ssl;
server_name svr5.ookangzheng.com;

ssl on;
    ssl_certificate       /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
    ssl_certificate_key   /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;
    ssl_protocols         TLSv1.2;
    ssl_ciphers           ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_tickets on;
    ssl_session_timeout   4h;
    ssl_stapling on; 
    ssl_stapling_verify on;
    ssl_session_cache shared:SSL:20m;
    proxy_set_header    Host              $host;
    proxy_set_header    X-Real-IP         $remote_addr;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-SSL on;
    proxy_set_header    X-Forwarded-Proto $scheme;

location / {
         return      444;
        }

location /admin {
    proxy_pass http://127.0.0.1:82/admin;
    #proxy_redirect off;
    include /etc/nginx/proxy_params;
}
}

} 
```

以上是关于markdown certbot独立多个域#https #tls的主要内容，如果未能解决你的问题，请参考以下文章

markdown Certbot与DNS挑战

markdown Certbot

markdown Certbot在网站上启用https

markdown 让我们在Amazon Linux上使用Certbot进行加密

markdown 添加ppa dan install certbot di ubuntu linux

Nginx/Certbot - 来自域/.well-known 的无效响应