{"id":358,"date":"2025-09-02T23:00:15","date_gmt":"2025-09-02T15:00:15","guid":{"rendered":"https:\/\/www.free-ai.top\/?p=358"},"modified":"2025-09-03T14:40:15","modified_gmt":"2025-09-03T06:40:15","slug":"%e7%94%9f%e6%88%90-iis-%e4%bd%bf%e7%94%a8%e7%9a%84%e5%85%8d%e8%b4%b9%e8%af%81%e4%b9%a6%ef%bc%883-%e4%b8%aa%e6%9c%88%e5%91%a8%e6%9c%9f%ef%bc%8c%e5%8f%af%e6%97%a0%e9%99%90%e6%9b%b4%e6%96%b0%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.free-ai.top\/?p=358","title":{"rendered":"\u751f\u6210 IIS \u4f7f\u7528\u7684\u514d\u8d39\u8bc1\u4e66\uff083 \u4e2a\u6708\u5468\u671f\uff0c\u53ef\u65e0\u9650\u66f4\u65b0\uff09"},"content":{"rendered":"

Let’s Encrypt \u662f\u4e00\u4e2a\u975e\u5e38\u5b89\u5168\u4e14\u503c\u5f97\u4fe1\u8d56\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff08CA\uff09\u3002<\/p>\n

\u5b83\u63d0\u4f9b\u7684 SSL\/TLS \u8bc1\u4e66\u5728\u6280\u672f\u4e0a\u4e0e\u5546\u4e1a\u8bc1\u4e66\uff08\u5982 DigiCert, GeoTrust, Sectigo \u7b49\uff09\u63d0\u4f9b\u7684\u52a0\u5bc6\u5f3a\u5ea6\u5b8c\u5168\u76f8\u540c\u3002\u5b83\u4eec\u90fd\u9075\u5faa\u76f8\u540c\u7684\u884c\u4e1a\u6807\u51c6\uff08X.509\u6807\u51c6\uff09\uff0c\u63d0\u4f9b\u76f8\u540c\u7684\u52a0\u5bc6\u7ea7\u522b\uff08\u4f8b\u5982 RSA \u6216 ECC \u5bc6\u94a5\uff09\u3002<\/p>\n

# \u66f4\u65b0\u8bc1\u4e66
\n~\/.acme.sh\/acme.sh –renew -d free-ai.top –force<\/p>\n

# \u7533\u8bf7\u8bc1\u4e66\uff08Linux acme.sh\uff09
\nacme.sh –issue –dns dns_ali -d free-ai.top –server letsencrypt<\/p>\n

acme.sh –install-cert -d free-ai.top \\
\n–key-file \/home\/aliketen\/docker-compose-app\/nginx\/certs\/free-ai.top_ssl.key \\
\n–fullchain-file \/\/home\/aliketen\/docker-compose-app\/nginx\/certs\/free-ai.top_ssl.crt \\
\n–reloadcmd “docker restart nginx-ds”<\/p>\n

# \u5207\u6362\u5230\u8bc1\u4e66\u76ee\u5f55
\ncd ~\/.acme.sh\/free-ai.top<\/p>\n

# \u751f\u6210 Windows\/IIS \u517c\u5bb9 PFX
\nopenssl pkcs12 -export \\
\n-out www.xxx.com_ssl_compat.pfx \\
\n-inkey www.xxx.com.key \\
\n-in www.xxx.com.cer \\
\n-certfile ca.cer \\
\n-passout pass:free-ai.top \\
\n-keypbe PBE-SHA1-3DES \\
\n-certpbe PBE-SHA1-3DES \\
\n-macalg SHA1 \\
\n-nomaciter<\/p>\n

# \u4f7f\u7528\u811a\u672c\u751f\u6210
\nsudo mkdir -p .\/scripts\/
\nsudo vi gen_pfx.sh<\/p>\n

\n#!\/bin\/bash\n\n# PFX \u5bc6\u7801\nPASSWORD="free-ai.top"\n\n# \u5982\u679c\u6ca1\u6709\u4f20\u53c2\u6570\uff0c\u5219\u63d0\u793a\nif [ $# -lt 1 ]; then\n    echo "\u7528\u6cd5: $0 \u57df\u540d1 [\u57df\u540d2 ...]"\n    exit 1\nfi\n\n# \u904d\u5386\u6240\u6709\u57df\u540d\nfor DOMAIN in "$@"; do\n    CERT_DIR="$HOME\/.acme.sh\/$DOMAIN"\n    PFX_OUT="$CERT_DIR\/${DOMAIN}_ssl_compat.pfx"\n\n    # \u68c0\u67e5\u8bc1\u4e66\u548c\u79c1\u94a5\u662f\u5426\u5b58\u5728\n    if [ ! -f "$CERT_DIR\/$DOMAIN.cer" ] || [ ! -f "$CERT_DIR\/$DOMAIN.key" ] || [ ! -f "$CERT_DIR\/ca.cer" ]; then\n        echo "\u57df\u540d $DOMAIN \u7684\u8bc1\u4e66\u6216\u79c1\u94a5\u4e0d\u5b58\u5728\uff0c\u8df3\u8fc7"\n        continue\n    fi\n\n    echo "\u6b63\u5728\u751f\u6210 Windows IIS \u517c\u5bb9 PFX: $DOMAIN"\n    openssl pkcs12 -export \\\n      -out "$PFX_OUT" \\\n      -inkey "$CERT_DIR\/$DOMAIN.key" \\\n      -in "$CERT_DIR\/$DOMAIN.cer" \\\n      -certfile "$CERT_DIR\/ca.cer" \\\n      -passout pass:$PASSWORD \\\n      -keypbe PBE-SHA1-3DES \\\n      -certpbe PBE-SHA1-3DES \\\n      -macalg SHA1 \\\n      -nomaciter\n\n    if [ $? -eq 0 ]; then\n        echo "PFX \u751f\u6210\u6210\u529f: $PFX_OUT"\n    else\n        echo "PFX \u751f\u6210\u5931\u8d25: $DOMAIN"\n    fi\n\ndone\n<\/pre>\nsudo chmod +x gen_pfx.sh<\/p>\n
\/home\/aliketen\/scripts\/gen_pfx.sh free-ai.top<\/p>\n","protected":false},"excerpt":{"rendered":"
Let’s Encrypt \u662f\u4e00\u4e2a\u975e\u5e38\u5b89\u5168\u4e14\u503c\u5f97\u4fe1\u8d56\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff08CA\uff09\u3002 \u5b83\u63d0\u4f9b\u7684 SSL\/TLS \u8bc1\u4e66\u5728\u6280\u672f\u4e0a\u4e0e\u5546\u4e1a\u8bc1\u4e66\uff08\u5982 DigiCert…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-358","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.free-ai.top\/index.php?rest_route=\/wp\/v2\/posts\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.free-ai.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.free-ai.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.free-ai.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.free-ai.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=358"}],"version-history":[{"count":3,"href":"https:\/\/www.free-ai.top\/index.php?rest_route=\/wp\/v2\/posts\/358\/revisions"}],"predecessor-version":[{"id":362,"href":"https:\/\/www.free-ai.top\/index.php?rest_route=\/wp\/v2\/posts\/358\/revisions\/362"}],"wp:attachment":[{"href":"https:\/\/www.free-ai.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.free-ai.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.free-ai.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}