1、安裝 cerbot:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
要求:
- Python 2.7
- Git環境
- 連接外網
2、運行:
// 根據自己的需求調整代碼
./certbot-auto certonly --standalone --email admin@example.com -d example.com -d www.example.com -d other.example.net
成功提示:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
expire on 2016-09-04. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
3、配置Nginx:
server 不再監聽80端口,因為TLS要使用的是443端口,然后引入證書和key
server
{
listen 443 ssl; /
server_name xxx.com; //這里是你的域名
index index.html index.htm index.php default.html default.htm default.php;
root /opt/wwwroot/ //網站目錄
ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem; //前面生成的證書,改一下里面的域名就行,不建議更換路徑
ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem; //前面生成的密鑰,改一下里面的域名就行,不建議更換路徑
........
}
重啟Nginx:
sudo service nginx restart
OK!