====== Let's Encrypt======

以下の様にnginxでproxyを構成している前提

<code>
    _____         +-----+             +------+
 __(     )_       |nginx|             | WEB  |
(_Internet_)======|proxy|=============|Server|
  (______)        +-----+             +------+
</code>

acme.shはこの前段のnginxで動作しているものとします

===== Default server =====

  $ acme.sh --set-default-ca --server letsencrypt_test
   Changed default CA to: https://acme-staging-v02.api.letsencrypt.org/directory

===== レジスト =====
  # acme.sh --register-account -m yourname@example.com
  [...... 2022] Registering account: https://api.buypass.com/acme/directory                                　  
  [...... 2022] Registered                                                                               　 
  [...... 2022] ACCOUNT_THUMBPRINT='-DxxxxxxxAAAAAAAABBBBBBBBBBBBBBbCCCCCCCC'   

===== Nginx Proxyの設定 =====
==== webroot ディレクトリの作成 ====

  mkdir -p /usr/local/www/acme-root/.well-known/acme-challenge
  chown -R www:www /usr/local/www/acme-root

==== ACME チャレンジの設定 ====
これは別ファイルとして必要に応じて組み込む

<file config /usr/local/etc/nginx/includes/acme-webroot>
location /.well-known/acme-challenge/ {
    alias /usr/local/www/acme-root/.well-known/acme-challenge/;
}
</file>

==== Virtual hostの例 ====

<file - /usr/local/etc/nginx/sites-enabled/default>

server {
    listen 80;

    server_name mydomain.com;

    # ....

    # Let's Encrypt webroot
    include includes/acme-webroot;
}
</file>

=== domainが複数の場合の例 ===

  server_name 1.mydomain.com 2.mydomain.com 3.mydomain.com;
  または
  server_name *.mydomain.com *.testmydomain.com;

===== 証明書発行 =====