== Certificate configuration ==
{{{
root@ip-172-26-45-90:~/.acme.sh# ./acme.sh --register-account -m loolwv7@gmail.com --server zerossl
[Thu Jul 1 07:36:29 UTC 2021] No EAB credentials found for ZeroSSL, let's get one
[Thu Jul 1 07:36:30 UTC 2021] Registering account: https://acme.zerossl.com/v2/DV90
[Thu Jul 1 07:36:32 UTC 2021] Registered
[Thu Jul 1 07:36:32 UTC 2021] ACCOUNT_THUMBPRINT='5gDszi5b5NOCAIbIFk_aOgnWHGJhAsRE4Fab-cTaRjk'
}}}
{{{
root@ip-172-26-34-82:~# ~/.acme.sh/acme.sh --issue -d brightmoon.de --webroot /var/www/html/ --keylength ec-256
[Thu Apr 29 09:47:47 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 29 09:47:47 UTC 2021] Single domain='brightmoon.de'
[Thu Apr 29 09:47:47 UTC 2021] Getting domain auth token for each domain
[Thu Apr 29 09:47:50 UTC 2021] Getting webroot for domain='brightmoon.de'
[Thu Apr 29 09:47:50 UTC 2021] Verifying: brightmoon.de
[Thu Apr 29 09:47:53 UTC 2021] Success
[Thu Apr 29 09:47:53 UTC 2021] Verify finished, start to sign.
[Thu Apr 29 09:47:54 UTC 2021] Lets finalize the order.
[Thu Apr 29 09:47:54 UTC 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/121746635/9367627443'
[Thu Apr 29 09:47:55 UTC 2021] Downloading cert.
[Thu Apr 29 09:47:55 UTC 2021] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04be9fb4b7bedf69dbca1c78f20feb07c8dd'
[Thu Apr 29 09:47:56 UTC 2021] Cert success.
[Thu Apr 29 09:47:56 UTC 2021] Your cert is in /root/.acme.sh/brightmoon.de_ecc/brightmoon.de.cer
[Thu Apr 29 09:47:56 UTC 2021] Your cert key is in /root/.acme.sh/brightmoon.de_ecc/brightmoon.de.key
[Thu Apr 29 09:47:56 UTC 2021] The intermediate CA cert is in /root/.acme.sh/brightmoon.de_ecc/ca.cer
[Thu Apr 29 09:47:56 UTC 2021] And the full chain certs is there: /root/.acme.sh/brightmoon.de_ecc/fullchain.cer
}}}
=== Install the certificate ===
{{{
~/.acme.sh/acme.sh --install-cert -d brightmoon.de --ecc \
    --key-file /usr/local/etc/v2ray/v2ray.key \
    --fullchain-file /usr/local/etc/v2ray/v2ray.crt \
    --reloadcmd "service nginx force-reload"
}}}
== v2ray WebSocket + TLS + Web config.json ==
{{{
{
  "log": {
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [{
    "sniffing": {
      "enabled": true,
      "destOverride": [
        "http",
        "tls"
      ]
    },
    "port": 8222,
    "listen": "127.0.0.1", // Listen only on 127.0.0.1 so that no machine other than this host can detect that port 8222 is open
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "75567429-f6c8-495b-8d48-a91cdc91d983",
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/logs"
      }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "outboundTag": "blocked",
        "protocol": [
          "bittorrent"
        ]
      },
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
}}}
== v2ray config.json ==
{{{
[root@vultr ~]# cat /etc/v2ray/config.json
{
  "inbounds": [{
    "port": 8675,
    "protocol": "vmess",
    "settings": {
      "clients": [{ "id": "c2b3e7d7-ac8e-4e39-8197-561253a8e33e" }]
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}
}}}
== cert renew ==
{{{
root@instance-2-v2ray--ss:~/.acme.sh# ~/.acme.sh/acme.sh --renew -d brightmoon.top --force --ecc
[Fri Nov 6 06:40:37 UTC 2020] Renew: 'brightmoon.top'
[Fri Nov 6 06:40:38 UTC 2020] Standalone mode.
[Fri Nov 6 06:40:38 UTC 2020] Single domain='brightmoon.top'
[Fri Nov 6 06:40:39 UTC 2020] Getting domain auth token for each domain
[Fri Nov 6 06:40:42 UTC 2020] Getting webroot for domain='brightmoon.top'
[Fri Nov 6 06:40:42 UTC 2020] brightmoon.top is already verified, skip http-01.
[Fri Nov 6 06:40:43 UTC 2020] Verify finished, start to sign.
[Fri Nov 6 06:40:43 UTC 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/88367538/6064361765
[Fri Nov 6 06:40:44 UTC 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03374101af17edb876d522cb0e66d0db02a3
[Fri Nov 6 06:40:45 UTC 2020] Cert success.
[Fri Nov 6 06:40:45 UTC 2020] Your cert is in /root/.acme.sh/brightmoon.top_ecc/brightmoon.top.cer
[Fri Nov 6 06:40:45 UTC 2020] Your cert key is in /root/.acme.sh/brightmoon.top_ecc/brightmoon.top.key
[Fri Nov 6 06:40:45 UTC 2020] The intermediate CA cert is in /root/.acme.sh/brightmoon.top_ecc/ca.cer
[Fri Nov 6 06:40:45 UTC 2020] And the full chain certs is there: /root/.acme.sh/brightmoon.top_ecc/fullchain.cer
[Fri Nov 6 06:40:45 UTC 2020] Installing key to:/etc/v2ray/v2ray.key
[Fri Nov 6 06:40:45 UTC 2020] Installing full chain to:/etc/v2ray/v2ray.crt
}}}
== upgrade ==
{{{
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
}}}
== Generating the certificate with certbot is more convenient ==
{{{
# First stop any application or service that is using port 80, then run the command below
certbot certonly --standalone -d brightmoon.top -m merlyncaulfield@gmail.com
}}}
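Added example, not part of the original notes and not v2ray's own tooling: a small Python check for the two config.json files shown earlier on this page. It reports a loglevel that is not a level name, a routing rule whose outboundTag matches no outbound, and an inbound reachable from other hosts without TLS. The function names and both sample configs are constructed for illustration; it assumes "listen" defaults to 0.0.0.0 and that TLS is enabled through streamSettings.security.

```python
import ipaddress
import json
import re

LEVELS = {"debug", "info", "warning", "error", "none"}

def load_config(text):
    """Parse config JSON, dropping // comments but keeping "//" inside strings."""
    pattern = r'("(?:\\.|[^"\\])*")|//[^\n]*'
    return json.loads(re.sub(pattern, lambda m: m.group(1) or "", text))

def audit(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    out = []
    level = cfg.get("log", {}).get("loglevel", "warning")
    if level not in LEVELS:
        out.append(f"log.loglevel {level!r} is not a log level")
    tags = {o.get("tag") for o in cfg.get("outbounds", [])}
    for i, rule in enumerate(cfg.get("routing", {}).get("rules", [])):
        tag = rule.get("outboundTag")
        if tag is not None and tag not in tags:
            out.append(f"routing.rules[{i}]: outboundTag {tag!r} matches no outbound")
    for inb in cfg.get("inbounds", []):
        listen = inb.get("listen", "0.0.0.0")  # assumed default: all interfaces
        try:
            local = ipaddress.ip_address(listen).is_loopback
        except ValueError:
            local = listen.startswith(("/", "@"))  # unix domain socket
        tls = inb.get("streamSettings", {}).get("security") == "tls"
        if not local and not tls:
            out.append(f"inbound {inb.get('port')}: listens on {listen} without TLS")
    return out

# Constructed sample modelled on the WebSocket config; the first rule's tag is misspelled.
SAMPLE_WS = '''{
  "log": {"loglevel": "warning"},
  "inbounds": [{"port": 8222, "listen": "127.0.0.1", // loopback only
    "protocol": "vmess", "streamSettings": {"network": "ws", "wsSettings": {"path": "/logs"}}}],
  "outbounds": [{"protocol": "freedom"}, {"protocol": "blackhole", "tag": "blocked"}],
  "routing": {"rules": [
    {"type": "field", "outboundTag": "block", "protocol": ["bittorrent"]},
    {"type": "field", "outboundTag": "blocked", "ip": ["geoip:private"]}
  ]}
}'''
# Constructed sample modelled on the plain config: no "listen", no TLS.
SAMPLE_PLAIN = '{"inbounds": [{"port": 8675, "protocol": "vmess"}], "outbounds": [{"protocol": "freedom"}]}'

if __name__ == "__main__":
    for text in (SAMPLE_WS, SAMPLE_PLAIN):
        print(audit(load_config(text)))
```

To check a real file, pass its contents to load_config() and review whatever audit() returns before restarting the service.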