Two days ago, the certificate of Literal Blog expired, causing the browser to open and display danger. In fact, the LNMP used by Literal Blog supports automatic updating of SSL certificates, but I don't know why it suddenly doesn't update automatically. The LNMP manual updating certificate also displays for a long time and automatically terminates the application. In this case, Literal Blog can only choose to apply for a certificate by itself.
At present, there are quite a few free certificates available, mainly: Let's Encrypt, TrustAsia and Symantec. Of course, since Digicert announced its formal acquisition of Symantec's security certification business, the original Symantec brand certificate has been officially renamed as the Digicert brand certificate, which is the free certificate that Alibaba can apply for now.
Text Cafe chooses the TrustAsia free certificate. The application process is very simple. Text Cafe won't talk much about it here. Here it is explained that you need to fill in the certificate Company Information and contact information , individual users can Random filling The application process takes about 10 minutes, and the signing and issuing speed is quite fast.
Because Qiniu Cloud does not provide how to deploy the TrustAsia certificate, WordPress will simply talk about it here, because WordPress uses the Nginx server, so it is quite simple to deploy the certificate and directly find the corresponding blog xxx.conf
Configuration file, directly add the following rules to the corresponding server block:
server { listen 443 ssl http2; listen [::]:443 ssl http2; # IPv6 support ...... #RSA Certificate ssl_certificate /xxx/xx/rsa.crt; ssl_certificate_key /xxx/xx/rsa.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ...... }
The whole process of deploying TrustAsia certificates on the Nginx server is very simple!