How to use golang lego let's encrypt client behind nginx?

Anonymous (unverified), submitted 2019-12-03 01:36:02

Question:

I'd like to set up a Let's Encrypt certificate on a live server with nginx, using the lego client written in Go: https://github.com/xenolf/lego/

What do I need to do with the nginx config to get a certificate?

Answer 1:

You need to add the following location to the :80 and :443 virtual servers:

# http and https nginx servers
location /.well-known/acme-challenge/ {
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:4000$request_uri;
}

And run lego binary:

./lego.amd64 --http 127.0.0.1:4000 --email="your@address.tld" --domains domain.tld --domains some.domain.tld run 

Your certificate files are stored in:

# ls -la .lego/certificates/
total 20
drwx------ 2 root root 4096 Nov  9 08:06 .
drwx------ 4 root root 4096 Nov  9 08:06 ..
-rw------- 1 root root 3477 Nov  9 08:15 domain.tld.crt
-rw------- 1 root root  226 Nov  9 08:15 domain.tld.json
-rw------- 1 root root 1679 Nov  9 08:15 domain.tld.key

In case nginx already works with a valid SSL/TLS certificate and you want to add a new domain name to the certificate, you need to exclude the tls-sni-01 solver:

./lego.amd64 --exclude=tls-sni-01  --http 127.0.0.1:4000  --email="your@address.com" --domains domain.tld --domains new.domain.tld run 
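A pre-flight check for the proxy location above, added here as an example and not part of the original answer: it serves a random token on the address lego's `--http` listener will later bind, fetches it through nginx, and reports whether the path and `Host` header arrived intact. The function name `check_challenge_proxy` and the assumption that nginx answers on 127.0.0.1:80 are illustrative; run it while lego is not running, since both need port 4000.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PREFIX = "/.well-known/acme-challenge/"

def check_challenge_proxy(front, host, backend=("127.0.0.1", 4000)):
    """Serve a one-off token on `backend`, request it via `front` (nginx)
    with the given Host header, and report what reached the backend."""
    token = secrets.token_urlsafe(16)
    seen = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Record what nginx forwarded so path/Host rewriting is visible.
            seen["path"], seen["host"] = self.path, self.headers.get("Host")
            ok = self.path == PREFIX + token
            body = token.encode() if ok else b"not found"
            self.send_response(200 if ok else 404)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # silence per-request logging
            pass

    server = HTTPServer(backend, Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(*front, timeout=5)
        conn.request("GET", PREFIX + token, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read().decode()
        conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return {
        "status": resp.status,
        "token_ok": resp.status == 200 and body == token,  # proxy_pass reached backend
        "host_ok": seen.get("host") == host,  # proxy_set_header Host $host in effect
        "path_seen": seen.get("path"),        # None: request never reached backend
    }

if __name__ == "__main__":
    # Assumed values: nginx on 127.0.0.1:80, domain.tld as in the answer.
    print(check_challenge_proxy(("127.0.0.1", 80), "domain.tld"))
```

If `token_ok` is false or `path_seen` is `None`, the location block is missing from the virtual server that matched the request; repeat the check for each name passed to `--domains`.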

