1 申請密鑰
sudo certbot certonly -d "域名" -d "*.域名" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
範例
sudo certbot certonly -d "texttool.fun" -d "*.texttool.fun" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
注意這裡需要配置解析的txt,以阿裡雲為例
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsIyZuBnLjRWOkBjNhJmZxY2NwIWM4cTZ1QTZxcTZiVjYlRzN4E2Lc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
2 生成key
sudo openssl pkcs12 -export -in "/etc/letsencrypt/live/域名/cert.pem" -inkey "/etc/letsencrypt/live/域名/privkey.pem" -out "/etc/letsencrypt/live/域名/key.p12"
範例,注意記住這裡的密碼
sudo openssl pkcs12 -export -in "/etc/letsencrypt/live/texttool.fun/cert.pem" -inkey "/etc/letsencrypt/live/texttool.fun/privkey.pem" -out "/etc/letsencrypt/live/texttool.fun/key.p12"
3 配置spring boot
注意端口
server:
port: 443
ssl:
key-store: file:/etc/letsencrypt/live/texttool.fun/key.p12
key-store-password: 123456
key-store-type: PKCS12
4 配置nginx
server {
listen 80;
server_name texttool.fun;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
參考文章:
https://blog.csdn.net/yanhanhui1/article/details/117191140
https://blog.csdn.net/Tomwildboar/article/details/102841811