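Free wildcard SSL certificate (based on Let's Encrypt)

Create / modify the Docker configuration

If you are on Alibaba Cloud or Tencent Cloud, it is better to use your own cloud provider's Docker registry mirror address (ask an AI assistant or customer support for it).

```
vi /etc/docker/daemon.json
```

```json
{
  "live-restore": true,
  "registry-mirrors": ["https://docker.1ms.run"]
}
```

3️⃣ Restart Docker to apply the configuration

Note: this stops / restarts all running Docker containers.

```
systemctl daemon-reload
systemctl restart docker
```

4️⃣ Test that the Docker mirror works

```
docker pull hello-world
```

2. Generating the Let's Encrypt certificate

This uses manual DNS validation. The command pauses and prompts while it runs:

1. The first time you generate a certificate, enter the email address that should receive certificate expiry reminders.
2. Manually copy the TXT record into your domain's DNS management console. Once it is configured, wait about ten minutes, then come back and press Enter to continue.

```
# The wildcard name is quoted so the shell cannot glob-expand it.
docker run -it --rm \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  certbot/certbot \
  certonly --manual \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d '*.batsing.com' -d batsing.com
```

This command installs and runs certbot through Docker. The container is deleted after it runs, and the parameters select manual DNS validation. The generated certificate files are here:

```
/etc/letsencrypt/live/batsing.com/
├── fullchain.pem
├── privkey.pem
├── chain.pem
└── cert.pem
```

Nginx only needs these two:

```
ssl_certificate /etc/letsencrypt/live/batsing.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/batsing.com/privkey.pem;
```

3. Configuring the SSL certificate in Nginx

ssl.conf-2

```
ssl_certificate /etc/letsencrypt/live/batsing.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/batsing.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
```

www.conf

```
server {
    listen 443 ssl;
    server_name batsing.com www.batsing.com;
    # SSL certificate
    include vhosts/batsing/ssl.conf-2;
    # Project directory, reverse proxy and other configuration
}

# Wildcard HTTP -> HTTPS redirect
server {
    listen 80;
    server_name batsing.com *.batsing.com;
    return 301 https://$host$request_uri;
}
```

4. Automatic renewal on Alibaba Cloud

To be continued. The domain has not been moved to Alibaba Cloud yet; when it has, take this snippet and ask Yuanbao AI:

```
# The wildcard name is quoted so the shell cannot glob-expand it.
docker run -it --rm \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  certbot/certbot \
  certonly --manual \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  -d '*.batsing.com' -d batsing.com
```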
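
The "wait about ten minutes, then press Enter" step of the manual DNS validation in section 2 can be checked rather than timed. The script below is an added example, not part of the original post: requesting both `*.batsing.com` and `batsing.com` makes certbot ask for two TXT values under the same `_acme-challenge.batsing.com` name, so it confirms that every authoritative nameserver returns all of them. The function names and script name are hypothetical, and it assumes `dig` is installed.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the dns-01 TXT records
# are visible on every authoritative nameserver before pressing Enter.
# Usage: sh check_acme_txt.sh batsing.com VALUE1 [VALUE2]

# Read `dig +short TXT` output on stdin. Succeed only if every expected value
# is present as a complete record (dig wraps each record in double quotes).
txt_has_all() (
  answers=$(tr -d '"')
  for want in "$@"; do
    # -x: whole-line match, -F: literal string, -e: value may start with "-"
    printf '%s\n' "$answers" | grep -qxF -e "$want" || exit 1
  done
)

# Ask each authoritative nameserver directly, so a resolver cache cannot hide
# a missing or stale record. Prints one status line per nameserver.
check_propagation() (
  domain=$1
  shift
  name="_acme-challenge.$domain"
  servers=$(dig +short NS "$domain")
  if [ -z "$servers" ]; then
    echo "no NS records found for $domain" >&2
    exit 2
  fi
  rc=0
  for ns in $servers; do
    if dig +short TXT "$name" "@$ns" | txt_has_all "$@"; then
      echo "ok       $ns"
    else
      echo "MISSING  $ns"
      rc=1
    fi
  done
  exit "$rc"
)

# Run only when a domain and at least one value are given, so the functions
# can also be sourced from another script.
if [ "$#" -ge 2 ]; then
  check_propagation "$@"
fi
```

Pass the values exactly as certbot prints them; an exit status of 0 means every nameserver already serves all of them.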