Upgrading HTTP to HTTPS: a record of the whole process

Time:2020-5-22

You may need to upgrade a domain name to HTTPS in your study or work.

For example, if you want to develop WeChat applications such as official accounts and mini programs, you need to fill in an HTTPS domain name for verification during initialization.

This article records the whole process of configuring HTTPS for a domain name.

An HTTPS certificate is not cheap, and many people feel they can't afford one.

Alicloud provides a free certificate that is valid for one year; that is the certificate used in this article.
Free certificates from Let's Encrypt are also easy to apply for.

The following mainly records how to get an Alicloud certificate for free and the certificate configuration process.

Prerequisite preparation

  • You have registered your own domain name
  • You have registered an Alicloud account
  • Of course, you need your own server. Install nginx on it; it will be used for domain name verification later

Apply for alicloud free certificate

Purchase the certificate

  • Search for SSL in the console and click "purchase certificate"

  • Select single domain name, DV SSL, free version. You can see that the charge is 0, and there will be a prompt once the payment succeeds

Apply for the certificate

Enter the certificate console, click certificate application and fill in the information.

The domain name verification method chosen here is manual "file verification".

If your server is hosted on Alicloud, it is very convenient to choose "automatic DNS authentication". Here we follow the normal way in order to understand the operation and maintenance process.

Prepare the verification file

The so-called verification simply means that the file can be accessed through the domain name above. If the verification file can't be accessed, it won't work.

You may need to pay attention to nginx configuration here, but it’s not difficult

Download the certificate

Download the certificate for your server type; here we choose nginx.

Upload the certificate and configure nginx

Put the SSL certificate in /ssl (any directory will do): unzip the downloaded certificate file and upload it to that directory.

Here is the nginx configuration. Remember to restart nginx after changing the configuration.

server {
    # listen 80;  # listen on port 80; keep this line commented out to force all access over HTTPS
    listen 443 ssl;
    server_name xxx.com;  # domain name

    # Add SSL
    # ssl on;  # enable this line to force HTTPS access (obsolete since nginx 1.15.0; "listen 443 ssl" already enables TLS)
    ssl_certificate /ssl/xxxx.pem;
    ssl_certificate_key /ssl/xxxxx.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Specify protocols and ciphers in a format supported by OpenSSL.
    # SSLv2 and SSLv3 are broken and are not enabled here; TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_ciphers HIGH:!aNULL:!MD5;  # cipher suites
    ssl_prefer_server_ciphers on;  # prefer the server's cipher order over the client's

    # Define the root directory and the index page names
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # Redirect server error pages to /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

Then you can enjoy HTTPS.

Nginx troubleshooting tips

During the configuration process you may hit various problems, such as requests getting no response.

Don't panic; there is a way to approach it.

Check nginx's access.log and error.log. error.log usually contains useful information: pick out the error keywords, then use a search engine to analyze and solve the problem.

I failed to configure the certificate once myself: after configuring the certificate in nginx and restarting, the URL did not respond.

Take a look at error.log:

2020/05/10 03:11:39 [emerg] 1#1: cannot load certificate "/ssl/xxx.key": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

I searched with the keywords, clicked into a random article, and suddenly noticed that my certificate configuration was wrong. Ha ha, embarrassing.

Corrected it, restarted, verified: OK!
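
The error.log line above shows nginx trying to load a .key file as the certificate. The following pre-restart check for that mistake is an added example, not part of the original post: it reads the ssl_certificate and ssl_certificate_key paths from a config file and compares the PEM header of each file with what the directive expects. The function names and sample files are constructed for illustration, and paths are assumed to be unquoted and free of spaces.

```shell
#!/bin/sh
# Added example: check that each nginx ssl_certificate / ssl_certificate_key
# directive points at a PEM file of the right kind before restarting nginx.
# Assumes unquoted paths without spaces; all names here are illustrative.

# pem_kind FILE -> certificate | private-key | unknown (from the first BEGIN line)
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        CERTIFICATE|"TRUSTED CERTIFICATE") echo certificate ;;
        *"PRIVATE KEY") echo private-key ;;
        *) echo unknown ;;
    esac
}

# check_nginx_tls CONF -> prints one line per mismatch and returns 1 if any.
# Commented-out directives are skipped: their first field starts with '#'.
check_nginx_tls() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    problems=$(
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 sub(/;.*/, "", $2); print $1, $2 }' "$1" |
        while read -r directive path; do
            want=certificate
            [ "$directive" = ssl_certificate_key ] && want=private-key
            got=$(pem_kind "$path")
            [ "$got" = "$want" ] || echo "$directive $path: expected $want, found $got"
        done
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# make_sample DIR: constructed placeholder files, no real key material
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' '-----END CERTIFICATE-----' > "$1/site.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'placeholder' '-----END RSA PRIVATE KEY-----' > "$1/site.key"
    printf 'server {\n  ssl_certificate %s/site.key;\n  ssl_certificate_key %s/site.key;\n}\n' "$1" "$1" > "$1/bad.conf"
    printf 'server {\n  ssl_certificate %s/site.pem;\n  ssl_certificate_key %s/site.key;\n}\n' "$1" "$1" > "$1/good.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_nginx_tls "$demo_dir/bad.conf" || echo "bad.conf: fix the paths before restarting nginx"
check_nginx_tls "$demo_dir/good.conf" && echo "good.conf: PEM types match"
rm -rf "$demo_dir"
```

The check only compares PEM labels, so `nginx -t` remains the final test that the configuration loads and that the key matches the certificate.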
