Nginx 推出原生支援 ACME Protocol,之后就可以避免忘记更新凭证的问题了~
Nginx 原生支援 ACME 协定
原文:NGINX Introduces Native Support for ACME Protocol
- GitHub:nginx/nginx-acme: An NGINX module with the implementation of the automatic certificate management (ACMEv2) protocol
- nginx-acme is an NGINX module with the implementation of the automatic certificate management (ACMEv2) protocol.
ACME workflow 有下述四个步骤:(取自上述原文)
- Setting up the ACME Server # 设定范例:
acme_issuer letsencrypt {uri https://acme-v02.api.letsencrypt.org/directory;# contact admin@example.test;state_path /var/cache/nginx/acme-letsencrypt;accept_terms_of_service;}
- Allocating Shared Memory # 设定范例:
acme_shared_zone zone=acme_shared:1M;
- Configuring Challenges
- Certificate Issue and Renewal # 设定范例:
server {listen 443 ssl;server_name .example.com;acme_certificate letsencrypt;ssl_certificate $acme_certificate;ssl_certificate_key $acme_certificate_key;ssl_certificate_cache max=2;}
〈Nginx 原生支援 ACME 协定〉这篇文章最早发布于《Tsung's Blog》。
