证书配置
root@ip-172-26-45-90:~/.acme.sh# ./acme.sh --register-account -m loolwv7@gmail.com --server zerossl
[Thu Jul 1 07:36:29 UTC 2021] No EAB credentials found for ZeroSSL, let's get one
[Thu Jul 1 07:36:30 UTC 2021] Registering account: https://acme.zerossl.com/v2/DV90
[Thu Jul 1 07:36:32 UTC 2021] Registered
[Thu Jul 1 07:36:32 UTC 2021] ACCOUNT_THUMBPRINT='5gDszi5b5NOCAIbIFk_aOgnWHGJhAsRE4Fab-cTaRjk'
root@ip-172-26-34-82:~# ~/.acme.sh/acme.sh --issue -d brightmoon.de --webroot /var/www/html/ --keylength ec-256
[Thu Apr 29 09:47:47 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 29 09:47:47 UTC 2021] Single domain='brightmoon.de'
[Thu Apr 29 09:47:47 UTC 2021] Getting domain auth token for each domain
[Thu Apr 29 09:47:50 UTC 2021] Getting webroot for domain='brightmoon.de'
[Thu Apr 29 09:47:50 UTC 2021] Verifying: brightmoon.de
[Thu Apr 29 09:47:53 UTC 2021] Success
[Thu Apr 29 09:47:53 UTC 2021] Verify finished, start to sign.
[Thu Apr 29 09:47:54 UTC 2021] Lets finalize the order.
[Thu Apr 29 09:47:54 UTC 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/121746635/9367627443'
[Thu Apr 29 09:47:55 UTC 2021] Downloading cert.
[Thu Apr 29 09:47:55 UTC 2021] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04be9fb4b7bedf69dbca1c78f20feb07c8dd'
[Thu Apr 29 09:47:56 UTC 2021] Cert success.
-----BEGIN CERTIFICATE-----
MIIEVDCCAzygAwIBAgISBL6ftLe+32nbyhx48g/rB8jdMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA0MjkwODQ3NTRaFw0yMTA3MjgwODQ3NTRaMBgxFjAUBgNVBAMT
DWJyaWdodG1vb24uZGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT1g8a0tA06
CGice8KSH3KH248qPE8XBlP6wh8u9w+WHCYnzNcNAYXzI8jX9DANNai86y0Ya+GW
QkedsB+YlvyCo4ICRzCCAkMwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBScFQhUPwOU
/V+fbajkH2K7m8BozTAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBV
BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9y
ZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAYBgNVHREEETAP
gg1icmlnaHRtb29uLmRlMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8T
AQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIB
AwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98M
LyALzE7xZOMAAAF5HQcY4wAABAMARjBEAiAPaNjvjQPDL74nL9mhlRyyb5AGem8I
iF71CVwhXb30zwIgOcYzdpPYh5opRJdkmiFsZ4MlmsNtbNQiMYzxevupjNAAdgBv
U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXkdBxkXAAAEAwBHMEUC
IH8hP+ay0G4xiPbitQMLGURBCAzuQhAlumgd9rhklNVIAiEA51I2hTnEVBW2dyOE
gj3wsKagJwH6UTbKvmxnG0tJXCEwDQYJKoZIhvcNAQELBQADggEBAEtUXmTgyG31
dhnRYGEEAsuuTdXw+Kq/t0b3b4mX1WWZt8aR1PBv2zI40qOdRMeP6nlbtTfFRQm2
7mefL8Co76zpbL7f4TkECaofnAPFUeNL4rJDy/mM58RIDgPNwPo3w/Elu4oIEtrN
zWJ1MxA/K5KyJ6RAZD6cF+J1M2u5kA9XULwWKRHkYSIPTvYDNyOmGYkjsbYbmxr2
CSyBzTI67MAKT+NS4MmgU2wq2j32Z+9jrBbjS+HxSiuIFBInyXLy8I71ghUPNSOb
RYoatraBka6Y6uTGg8yaTl367lt1Qrr6CPZlb5/Izt9nm03bCrr+I3dQZ+H7Y29I
t+suQybZyFQ=
-----END CERTIFICATE-----
[Thu Apr 29 09:47:56 UTC 2021] Your cert is in /root/.acme.sh/brightmoon.de_ecc/brightmoon.de.cer
[Thu Apr 29 09:47:56 UTC 2021] Your cert key is in /root/.acme.sh/brightmoon.de_ecc/brightmoon.de.key
[Thu Apr 29 09:47:56 UTC 2021] The intermediate CA cert is in /root/.acme.sh/brightmoon.de_ecc/ca.cer
[Thu Apr 29 09:47:56 UTC 2021] And the full chain certs is there: /root/.acme.sh/brightmoon.de_ecc/fullchain.cer
安装证书
# Copy the issued ECC certificate and key for brightmoon.de out of acme.sh's
# own store into the paths below, then run the reload command. acme.sh repeats
# this install step on renewal (the renew log on this page shows
# "Installing key to:" / "Installing full chain to:").
# NOTE(review): the reload targets nginx while the files live under the v2ray
# directory. Presumably nginx terminates TLS with them; confirm that its
# ssl_certificate / ssl_certificate_key paths point here.
# NOTE(review): v2ray.key is the private key; check that it ends up readable
# only by root and the account that serves TLS.
~/.acme.sh/acme.sh --install-cert -d brightmoon.de --ecc \
--key-file /usr/local/etc/v2ray/v2ray.key \
--fullchain-file /usr/local/etc/v2ray/v2ray.crt \
--reloadcmd "service nginx force-reload"
v2ray WebSocket + TLS + Web config.json
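{
  // V2Ray server side of a "WebSocket + TLS + Web" setup: VMess over WebSocket,
  // bound to loopback. TLS and the web site are expected to be handled by a
  // front-end web server that proxies the WebSocket path to this port
  // (that server's config is not part of this file).
  "log": {
    "error": "/var/log/v2ray/error.log",
    // loglevel takes a level name, not a file path.
    "loglevel": "warning"
  },
  "inbounds": [{
    // Sniffing is what lets the "bittorrent" protocol rule in "routing" match.
    "sniffing": {
      "enabled": true,
      "destOverride": [
        "http",
        "tls"
      ]
    },
    "port": 8222,
    // Listen on 127.0.0.1 only, so machines other than this host cannot probe
    // the open 8222 port.
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          // The id is this client's credential. A value that has appeared in
          // public notes should be replaced with a freshly generated UUID.
          "id": "75567429-f6c8-495b-8d48-a91cdc91d983",
          "level": 1,
          // NOTE(review): a non-zero alterId selects the legacy VMess header
          // authentication; newer V2Ray releases recommend 0 (VMessAEAD) on
          // server and clients alike. Confirm against the deployed version
          // before changing, since clients must match.
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        // Must equal the path the front-end proxy forwards to this port.
        "path": "/logs"
      }
    }
  }],
  "outbounds": [{
    // First outbound: used for traffic that no routing rule redirects.
    "protocol": "freedom",
    "settings": {}
  }, {
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        // Has to name an existing outbound tag; the blackhole outbound is
        // tagged "blocked" (the original "block" matched no outbound).
        "outboundTag": "blocked",
        "protocol": [
          "bittorrent"
        ]
      },
      {
        // Drop requests aimed at private address ranges, so the proxy cannot
        // be used to reach the server's internal network.
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}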
v2ray config.json
[root@vultr ~]# cat /etc/v2ray/config.json
{
// Minimal VMess server: one inbound, one direct ("freedom") outbound.
"inbounds": [{
// NOTE(review): there is no "listen" key here, unlike the 127.0.0.1 config
// earlier on this page, so V2Ray falls back to its default listen address
// (all interfaces, as far as I know; confirm). Port 8675 is then reachable
// from outside unless a firewall restricts it.
// NOTE(review): there is no "streamSettings" either, so this inbound is not
// behind the WebSocket + TLS front used by the other config.
"port": 8675,
"protocol": "vmess",
"settings": {
// The id is the client's credential; a value that has appeared in public
// notes should be replaced with a freshly generated UUID.
"clients": [{ "id": "c2b3e7d7-ac8e-4e39-8197-561253a8e33e" }]
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
}]
}
cert renew
root@instance-2-v2ray--ss:~/.acme.sh# ~/.acme.sh/acme.sh --renew -d brightmoon.top --force --ecc
[Fri Nov 6 06:40:37 UTC 2020] Renew: 'brightmoon.top'
[Fri Nov 6 06:40:38 UTC 2020] Standalone mode.
[Fri Nov 6 06:40:38 UTC 2020] Single domain='brightmoon.top'
[Fri Nov 6 06:40:39 UTC 2020] Getting domain auth token for each domain
[Fri Nov 6 06:40:42 UTC 2020] Getting webroot for domain='brightmoon.top'
[Fri Nov 6 06:40:42 UTC 2020] brightmoon.top is already verified, skip http-01.
[Fri Nov 6 06:40:43 UTC 2020] Verify finished, start to sign.
[Fri Nov 6 06:40:43 UTC 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/88367538/6064361765
[Fri Nov 6 06:40:44 UTC 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03374101af17edb876d522cb0e66d0db02a3
[Fri Nov 6 06:40:45 UTC 2020] Cert success.
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
[Fri Nov 6 06:40:45 UTC 2020] Your cert is in /root/.acme.sh/brightmoon.top_ecc/brightmoon.top.cer
[Fri Nov 6 06:40:45 UTC 2020] Your cert key is in /root/.acme.sh/brightmoon.top_ecc/brightmoon.top.key
[Fri Nov 6 06:40:45 UTC 2020] The intermediate CA cert is in /root/.acme.sh/brightmoon.top_ecc/ca.cer
[Fri Nov 6 06:40:45 UTC 2020] And the full chain certs is there: /root/.acme.sh/brightmoon.top_ecc/fullchain.cer
[Fri Nov 6 06:40:45 UTC 2020] Installing key to:/etc/v2ray/v2ray.key
[Fri Nov 6 06:40:45 UTC 2020] Installing full chain to:/etc/v2ray/v2ray.crt
upgrade
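# Upgrade V2Ray and the geoip/geosite data files with the v2fly installer scripts.
# Each script is saved to a private temp directory first, so it can be read
# before it runs as root. -f makes curl fail on an HTTP error instead of handing
# an error page to bash.
# NOTE(review): both URLs follow the moving master branch; pinning them to a
# reviewed commit or release tag gives a stable, auditable input.
installer_dir=$(mktemp -d)
curl -fsSL -o "${installer_dir}/install-release.sh" \
  https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
curl -fsSL -o "${installer_dir}/install-dat-release.sh" \
  https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh
# Read both scripts before going further, e.g.: less "${installer_dir}"/*.sh
bash "${installer_dir}/install-release.sh"
bash "${installer_dir}/install-dat-release.sh"
rm -rf -- "${installer_dir:?}"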
使用 certbot 生成证书更为方便
首先关闭占用80端口的应用或服务,然后执行下面的命令
# Obtain a certificate for brightmoon.top without installing it anywhere
# (certonly). --standalone makes certbot run its own temporary web server for
# the challenge, which is why whatever holds port 80 has to be stopped first.
# NOTE(review): nothing here restarts the stopped service or copies the new
# certificate to where V2Ray/nginx reads it; renewals need the same port-80
# window unless a hook handles it.
certbot certonly --standalone -d brightmoon.top -m merlyncaulfield@gmail.com