安装编译环境,同时需要go 1.22+
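# Install the C toolchain and Go 1.22 in one apt transaction. The original
# "build-essential && golang-1.22" tried to *run* golang-1.22 as a command
# after apt finished, so Go was never installed.
# NOTE(review): versioned Go packages on Debian/Ubuntu may place the go binary
# under /usr/lib/go-1.22/bin instead of on PATH — confirm with `go version`.
apt install build-essential golang-1.22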
安装golangci-lint
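# Fetch the installer from the same release tag as the binary being installed,
# not from the mutable master branch, and save it to a file instead of piping
# it straight into sh. The script can then be read before it runs, and a
# truncated download is never executed half-way.
# A tag can still be moved; pin to a reviewed commit SHA for stronger assurance.
installer="$(mktemp)"
curl -sSfL -o "$installer" \
  https://raw.githubusercontent.com/golangci/golangci-lint/v1.60.2/install.sh
# Review "$installer" here, then run it. The GOPATH expansion is quoted so a
# path containing spaces is not split into several arguments.
sh "$installer" -b "$(go env GOPATH)/bin" v1.60.2
rm -f -- "$installer"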
源码安装lego(go-acme项目的ACME客户端)
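cd /opt
# Clone over HTTPS: the repository is public, so no GitHub-authorised SSH
# private key has to live on this server (the git@github.com: form needs one
# and fails with "Permission denied (publickey)" on a fresh machine).
git clone https://github.com/go-acme/lego.git
cd lego
# This builds whatever the default branch points at right now. To build a
# known release instead, check out its tag first: git checkout <RELEASE_TAG>
# The two targets overlap: `make` already builds (after tests and docs), so
# running `make build` alone is enough when only the binary is wanted.
make # tests + doc + build
make build # only build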
# Open ~/.bashrc and add the export line below to it; it takes effect in new
# shells or after `source ~/.bashrc`.
vim ~/.bashrc
# Appends Go's bin directory and lego's build output to PATH. They are placed
# after the existing entries, so they cannot shadow system binaries.
# NOTE(review): /root/go/bin implies everything here runs as root — keep both
# directories writable by root only, since binaries in them run with root's
# privileges when invoked by name.
export PATH=$PATH:/root/go/bin/:/opt/lego/dist
# Check that the freshly built binary is found on PATH.
lego -v
关闭nginx
# Free port 80: with --http, lego starts its own listener for the HTTP-01
# challenge and cannot bind while nginx holds the port.
# The site stays offline until nginx is started again.
systemctl stop nginx
签发证书
# Request a certificate using the HTTP-01 challenge. test@test.com and
# test.com are sample values. -a accepts the CA's terms of service without
# prompting.
# --path is where lego stores the ACME account key and the certificate private
# key (the nginx config on this page reads /opt/ssl/certificates/test.com.key),
# so keep /opt/ssl readable by root only.
lego --email="test@test.com" --domains="test.com" --path="/opt/ssl/" -a --http run
提前45天续签证书
# Renew only when the certificate has fewer than 45 days of validity left.
# As with `run`, --http needs port 80, so this collides with a running nginx.
# lego's --http.webroot option writes the challenge file into a directory that
# nginx serves, which avoids stopping the site for every renewal.
# nginx has to be reloaded after a successful renewal to pick up the new
# certificate.
lego --email="test@test.com" --domains="test.com" --path="/opt/ssl/" -a --http renew --days 45
自定义端口(可选)
--http.port
--tls.port
https://go-acme.github.io/lego/usage/cli/options/index.html#port-usage
nginx配置ssl
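server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # NOTE(review): the lego commands on this page request a certificate for
    # test.com only. www.test.com will fail hostname validation unless it is
    # added with a second --domains when issuing — confirm.
    server_name test.com www.test.com;

    # TLS certificate and settings
    ssl_certificate /opt/ssl/certificates/test.com.crt;
    ssl_certificate_key /opt/ssl/certificates/test.com.key;
    # TLSv1.1 dropped: it is formally deprecated (RFC 8996) and current
    # browsers no longer negotiate it.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Removed from the original list:
    #   - EECDH+3DES / RSA+3DES: 64-bit block cipher (SWEET32)
    #   - RSA+AES128 / RSA+AES256: static RSA key exchange, no forward secrecy
    # This directive governs TLS 1.2 and below; TLS 1.3 suites are selected
    # separately by the TLS library.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Force redirect to HTTPS. While this stays commented out, requests on
    # port 80 are served in plaintext by this same server block.
    #if ($server_port !~ 443){
    # rewrite ^(/.*)$ https://$host$1 permanent;
    #}

    # Other site configuration...
}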