Nowadays, Baidu, Google, Github and other websites have enabled https on the entire site. https is like a "lock" on the website. What HTTPS does is to encrypt the request to make it more secure for users. In addition to protecting the interests of users, it can also prevent the traffic that belongs to itself from being hijacked. Google has defined http as an insecure website. In my opinion, HTTPS is the future trend.
1、The deployment environment is Winodws Nginx
2、Let's Encrypt is a public free SSL project abroad, hosted by the Linux Foundation and initiated by organizations such as Mozilla, Cisco, Akamai, IdenTrust, and EFF!
3、The certificate is valid for three months, and the visa certificate needs to be renewed every three months
4、Use win-acme tool to generate Let's Encrypt certificate
start
Download the latest version of win-acme on github download win-acme [My version win-acme.v2.1.12.943.x86.pluggable]
Unzip win-acme, open wacs.exe
choose M [Create certificate(full options)]
choose 2 [Manual input] , then enter your domain ,
[such as : auto.example.com] , then press enter next.choose 6 . verify domain with dns
choose 2. RSA
choose 2. nginx container . then enter your Local storage file path . [such as : D:/ssl]
Choose the last of the next two options - pass
-
Don’t rush to the next step at this time, look at the information given
domain : your domain
record : host record
type : record type
content : record value
now,Go to your domain name resolution backend and fill in the corresponding value , then press enter If the verification is successful, go to your local directory to see if the encrypted file has been generated
Configure nginx, open /conf/nginx.conf then start nginx
server {
listen 443 ssl;
server_name your domain;
ssl_certificate D:/nginx-1.15.6/ssl/xxxxx-chain.pem;
ssl_certificate_key D:/nginx-1.15.6/ssl/xxxxxx-key.pem;
ssl_session_timeout 5m;
charset utf-8;
location / {
root D:/index/;
index index.html;
}
}
My small website has been configured with https . https://www.jsonformatting.com/
tips
The validity period of the certificate is 90 days
application restrictions
Top comments (1)
Hello, thank you for this. Can we Delete the TXT Entry after validation or will we still need it for when it renews every 90 days?