1.安裝前環境準備
# freebsd-update fetch install
# pkg update && pkg upgrade -y
安裝依賴包
pkg install -y unzip wget bash socat git
2.安裝 acme.sh
# pkg install -y acme.sh
3.爲你的域名獲取RSA或者ECDSA證書
注意:證書你只需要選取其中一種即可.這裏是爲了完整性所以把兩種都寫下來.
RSA證書
# acme.sh --issue --standalone -d example.com --ocsp-must-staple --keylength 2048
ECDSA證書
# acme.sh --issue --standalone -d example.com --ocsp-must-staple --keylength ec-256
注意: 將 example.com 換成自己的域名.
4.創建目錄用於存儲證書和密鑰. 這裏創建 /etc/letsencrypt 目錄來存儲
存儲RSA證書的目錄
# mkdir -p /etc/letsencrypt/example.com
存儲ECDSA證書的目錄
# mkdir -p /etc/letsencrypt/example.com_ecc
5.安裝且複製證書到目錄/etc/letsencrypt
RSA
# acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem
ECC/ECDSA
# acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem
參考:How to Enable TLS 1.3 in Nginx on FreeBSD 12
參考:Using acme.sh on FreeBSD 12
