You may need to upgrade your domain name to HTTPS at school or at work.

For example, when developing WeChat official account or mini program applications, you are required to fill in an HTTPS domain name for verification during initialization.

This document records the entire process of configuring an HTTPS domain name.

HTTPS certificates cost a lot of money, and many people feel they can’t afford them.

Ali Cloud provides a free certificate, valid for one year. The certificate used in this article is the Ali Cloud free certificate; Let’s Encrypt is also easy to apply for.

The following mainly records how to get the Ali Cloud certificate for free, and the certificate configuration process.


Prerequisites

  • You have applied for your own domain name

  • Register an Aliyun account

  • Of course, you should have your own server with Nginx installed, which will be used for domain verification later

Apply for the Aliyun free certificate

Purchase the certificate

  • In the console, search for SSL and click “Buy certificate”

  • Select single domain name, DV SSL, free version. The charge shown is 0, and the payment completes with a success prompt

Apply for the certificate

Go to the Certificate console, click Certificate Request and fill in the information

For the domain name verification mode, I chose the manual “file verification” mode.

If your server is on Ali Cloud, choosing “automatic DNS verification” will be very convenient. Here we follow the conventional way, which also helps in understanding the operation and maintenance process.

Prepare the verification file

The so-called verification simply means that the verification file can be accessed through the domain name above. If it cannot be accessed, of course you will not be allowed to use the certificate.

The Nginx configuration for this is not difficult.

Download the certificate

Download the version for your server type; here we choose Nginx

Upload the certificate and configure Nginx

Let’s put the SSL certificate in /ssl (whatever directory you like): unzip the downloaded certificate file and upload it to that directory

Here is the Nginx configuration; remember to restart Nginx after changing the configuration

server {
    #listen 80;   # keep this line commented out if all access is forced to HTTPS
    listen    443 ssl;
    server_name  xxx.com;             # the domain name

    # add SSL
    #ssl on;      # older Nginx only: turn this on if HTTPS access is forced; newer versions use "listen 443 ssl" instead
    ssl_certificate /ssl/xxxx.pem;        # certificate file
    ssl_certificate_key /ssl/xxxxx.key;   # private key file

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # protocols to enable; SSLv2 and SSLv3 are broken and must stay disabled
    ssl_protocols  TLSv1.2;

    ssl_ciphers  HIGH:!aNULL:!MD5;    # cipher suites, in the format supported by OpenSSL
    ssl_prefer_server_ciphers  on;    # server ciphers take precedence over client ciphers

    # Define the home index directory and name
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # Redirect the error page to /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Then you can enjoy the HTTPS experience

Practical bonus: Nginx troubleshooting tips

During the configuration process, there may be various problems, such as the site not responding.

Don’t panic at this point; there is a way to approach it.

At this point, be sure to look at Nginx’s access.log and error.log, and start from the errors.

My certificate configuration once failed after I configured the certificate and restarted Nginx.

Then I looked at error.log:

2020/05/10 03:11:39 [emerg] 1#1: cannot load certificate "/ssl/xxx.key": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

I searched with the keywords, clicked into an article at random, and suddenly noticed that my certificate configuration was wrong, ha ha, embarrassing

Correct immediately, restart, validate, OK!
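
The error.log line above shows Nginx being told to load "/ssl/xxx.key" as a certificate. The following shell check is an added example, not part of the original post: it reads the PEM header of each file named by ssl_certificate and ssl_certificate_key in a config file and reports a mix-up before Nginx is restarted, and it goes slightly beyond the post by also flagging SSLv2/SSLv3 in ssl_protocols. The function names are hypothetical, and it assumes one directive per line with unquoted paths.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Print the label of the first PEM block in file $1, e.g. "CERTIFICATE" or
# "RSA PRIVATE KEY". Prints nothing if the file has no PEM block.
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1
}

# Print the first argument of each active (uncommented) directive $2 in config $1.
# Assumption: one directive per line, unquoted paths without spaces.
directive_args() {
    awk -v d="$2" '$1 == d { sub(/;.*$/, "", $2); print $2 }' "$1"
}

# Report TLS file problems in Nginx config $1. Returns 0 if clean, 1 otherwise.
check_nginx_tls() {
    conf=$1
    bad=0
    for f in $(directive_args "$conf" ssl_certificate); do
        case "$(pem_label "$f")" in
            CERTIFICATE | "TRUSTED CERTIFICATE") ;;
            *"PRIVATE KEY") echo "ssl_certificate $f: this is a private key"; bad=1 ;;
            *) echo "ssl_certificate $f: no certificate PEM block found"; bad=1 ;;
        esac
    done
    for f in $(directive_args "$conf" ssl_certificate_key); do
        case "$(pem_label "$f")" in
            *"PRIVATE KEY") ;;
            CERTIFICATE | "TRUSTED CERTIFICATE") echo "ssl_certificate_key $f: this is a certificate"; bad=1 ;;
            *) echo "ssl_certificate_key $f: no private key PEM block found"; bad=1 ;;
        esac
    done
    # SSLv2 and SSLv3 are obsolete; report them if ssl_protocols lists either.
    for p in $(awk '$1 == "ssl_protocols"' "$conf" | grep -Eo 'SSLv[23]'); do
        echo "ssl_protocols: $p is obsolete and should not be enabled"; bad=1
    done
    return "$bad"
}

# Stand-alone use: pass the config file path as the first argument.
[ "$#" -eq 0 ] || check_nginx_tls "$1"
```

It only inspects PEM headers, so it does not prove that the key matches the certificate; `nginx -t` remains the final check before a restart.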