安装编译环境，同时需要go 1.22+

apt install build-essential && golang-1.22

安装golangci-lint

curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.60.2

源码安装go-acme

cd /opt
git clone git@github.com:go-acme/lego.git
cd lego
make        # tests + doc + build
make build  # only build

vim ~/.bashrc
export PATH=$PATH:/root/go/bin/:/opt/lego/dist
lego -v

关闭nginx

systemctl stop nginx

签发证书

lego --email="test@test.com" --domains="test.com" --path="/opt/ssl/" -a --http run

提前45天续签证书

lego --email="test@test.com" --domains="test.com" --path="/opt/ssl/" -a --http renew --days 45

自定义端口(可选)

--http.port
--tls.port

https://go-acme.github.io/lego/usage/cli/options/index.html#port-usage

nginx配置ssl

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name test.com www.test.com;
    
    # SSL证书及配置
    ssl_certificate /opt/ssl/certificates/test.com.crt;
    ssl_certificate_key /opt/ssl/certificates/test.com.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # 网站的其他配置...
}