For a https site, certification is mandatory, So how to get those certification.
In this example, we will use acme.sh to apply certification,
So first install acme.sh
curl https://get.acme.sh | sh -s email=example@yourmail.comrequest certification for Nginx server, this command only works for Nginx server.
acme.sh --issue --nginx -d unki.netGenerated certification is put at /root/.acme.sh/unki.net_ecc
acme.sh --install-cert -d unki.net \
--key-file /etc/ssl/certs/unki.net.key \
--fullchain-file /etc/ssl/certs/unki.net.full.cer \
--reloadcmd "chown nginx.nginx /etc/ssl/certs/unki.net.key;systemctl restart nginx"Now we can config at Nginx to use certs at /etc/ssl/certs. and the reloadcmd is important,commands will be executed when the certs is renewed. So This command will change key file to nginx (let nginx have access to key file) and restart nginx to use new certification.
acme.sh also add an cronjob to periodically update this certification
