标签: acme.sh

  • wordpress mobile app

    因为这个 app (v26.2) 没有内置 Let’s Encrypt(通过 ACME 签发)的中间证书,而客户端通常只信任根证书,服务器应当在 TLS 握手中发送完整证书链(站点证书 + 中间证书),所以服务器端需要配置成使用 fullchain.cer,

    否则 mobile app 的 url 测试失败。

  • Encrypt WordPress Server with Let’s Encrypt SSL certificate

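    # Install the acme.sh tool.
    # NOTE(review): this clones the default branch and runs its installer as-is;
    # consider checking out a release tag you have reviewed before running --install.
    git clone https://github.com/Neilpang/acme.sh.git
    
    cd acme.sh
    
    ./acme.sh --install
    
    # Work from the installed copy.
    cd ~/.acme.sh
    
    # NOTE(review): the commands below mix sudo and non-sudo invocations of the
    # same per-user install. The renewal job is set up by the unprivileged
    # "--install" above, so confirm that it can still write to /etc/nginx/ssl
    # when the certificates renew; running every step as one account is simpler.
    
    # Issue an RSA cert (webroot validation; the domain flag is -d, not --d).
    sudo ./acme.sh --issue -d blog.zhenglei.net -w /var/www/html/wordpress
    
    # Issue an ECC cert for the same name.
    ./acme.sh --issue -d blog.zhenglei.net -w /var/www/html/wordpress --keylength ec-256
    
    # Create the target directory. It will hold private keys, so keep it
    # readable by root only.
    sudo mkdir -p /etc/nginx/ssl
    sudo chmod 700 /etc/nginx/ssl
    
    # Copy key + full chain (leaf and intermediate) for each key type.
    # NOTE(review): no --reloadcmd is given, so after a renewal nginx keeps
    # serving the old certificate until it is reloaded by other means.
    sudo ./acme.sh --installcert -d blog.zhenglei.net --key-file /etc/nginx/ssl/blog.zhenglei.net.ecc.key --fullchain-file /etc/nginx/ssl/blog.zhenglei.net.ecc.bundle --ecc
    sudo ./acme.sh --installcert -d blog.zhenglei.net --key-file /etc/nginx/ssl/blog.zhenglei.net.key --fullchain-file /etc/nginx/ssl/blog.zhenglei.net.bundle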
    # Update nginx config
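    # HTTPS virtual host serving the blog.
    server {
        #listen 80;
        # TLS is enabled on the listen socket; the standalone "ssl on;"
        # directive is deprecated.
        listen 443 ssl;

        # Full chain (leaf + intermediate) and key as copied by acme.sh.
        # Relative paths resolve against the nginx configuration directory.
        ssl_certificate ssl/blog.zhenglei.net.bundle;
        ssl_certificate_key ssl/blog.zhenglei.net.key;
        # The ECC pair copied alongside can be offered as well by adding a
        # second ssl_certificate / ssl_certificate_key pair (nginx 1.11.0+).

        ssl_session_timeout 5m;

        # SSLv3 and TLSv1 are obsolete and must not be offered. Drop TLSv1.3
        # from this list if the nginx/OpenSSL build predates it.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Forward-secret AEAD suites only. The previous list enabled RC4,
        # EXPORT and LOW-strength ciphers, which gives no real confidentiality.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        # ... (rest of the site configuration)
    }

    # Plain-HTTP virtual host: answers ACME HTTP-01 challenges and redirects
    # everything else to HTTPS.
    server {
        listen 80 default_server;
        server_name blog.zhenglei.net;

        # Let's Encrypt, http method.
        # A prefix match limited to the challenge directory; the unanchored
        # regex "\.well-known" matched that string anywhere in the URI.
        location ^~ /.well-known/acme-challenge/ {
            root /var/www/html/wordpress/;
            allow all;
            # "access_log on;" was dropped: nginx reads "on" as a file name,
            # not a switch, so the inherited access log is used instead.
            log_not_found on;
        }

        # The redirect sits in its own location. A server-level "return" runs
        # before location matching, so the challenge location was never used.
        # $server_name (not $host) keeps the redirect target independent of
        # the client-supplied Host header.
        location / {
            return 301 https://$server_name$request_uri;
        }
    }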