0

再会!

我一直在用我的域尝试 ghost 有一段时间了!我从来不知道 Let's Encrypt 速率限制,所以我通过反复安装和卸载搞砸了,直到我无法从 let's encrypt 再次获得另一个 SSL!

我目前正在尝试重新安装并真正使用它,但 Let's Encrypt 不会向我颁发另一个 SSL 证书。我已经等了几天了,他们还是不给我!

我设法从 ZeroSSL 手动获取 SSL 证书,但由于我不熟悉 Nginx 和 SSL 证书,我无法安装它!

我尝试手动安装 acme.sh 并将默认服务器设置为 ZeroSSL,但每当我运行它时,ghost setup SSL它仍然使用 Let's Encrypt!

我正在考虑手动创建一个配置文件并链接我/etc/nginx/sites-enabled手动获得的配置文件!steptzi.com.ng.conf

请任何人在这里向我解释如何使用 ZeroSSL 或 acme.sh 为我的域的 WWW 和非 WWW 版本配置 SSL 证书

幽灵config.production.json

{
  "url": "https://steptzi.com.ng",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "mysql",
    "connection": {
      "host": "localhost",
      "user": "ghost-39",
      "password": "3qQ&7\"lA:Oo^,OanH:MH",
      "database": "ghost_prod"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "systemd",
  "paths": {
    "contentPath": "/var/www/ghost/content"
  }
}

steptzi.com.ng.conf

server {
    listen 80;
    listen [::]:80;

    server_name steptzi.com.ng;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}
4

1 回答 1

0

好的,所以我想通了!!

脚步:

下载证书后,您应该有一个包含以下证书文件的 ZIP:

certificate.crt
ca_bundle.crt
private.key
  • 解压 SSL 文件并上传到服务器可能是通过 FileZilla
  • NGINX 需要合并所有 .crt 文件以允许 SSL 安装。您需要运行以下命令来合并您的 certificate.crt 和 ca_bundle.crt 文件。cat certificate.crt ca_bundle.crt >> certificate.crt
  • 移动certificate.crtprivate.key/etc/ssl-sudo mv certificate.crt /etc/sslsudo mv private.key /etc/ssl
  • 编辑配置文件在/etc/nginx/sites-enabled/your-domain.com.conf

在该listen [::]:80; 行之后立即添加

listen               443 ssl;
    
ssl                  on;
ssl_certificate      /etc/ssl/certificate.crt; 
ssl_certificate_key  /etc/ssl/private.key;

您的代码现在应该与此类似:

server {
    listen 80;
    listen [::]:80;

    listen               443 ssl;

    ssl                  on;
    ssl_certificate      /etc/ssl/certificate.crt;
    ssl_certificate_key  /etc/ssl/private.key;

    server_name your-domain.com.ng;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}
  • 重启服务器
sudo /etc/init.d/nginx restart
  • 完毕!!!!
于 2021-11-30T00:36:27.910 回答