申请免费的Let’s Encrypt SSL证书
安装Let’s Encrypt客户端
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
获得Let’s Encrypt证书
停止Nginx服务
sudo service nginx stop
获取证书
./letsencrypt-auto certonly --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview
提示:上面的指令会打开一个蓝屏白框的对话框,依照:选第2个(place files in webroot directory automatically use a temporary webserver(standalone)),输入Email地址,同意协议,输入域名(多个域名用空格隔开)
然后会出现类似下面的信息,表示成功。
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/i.shanbin.name/fullchain.pem. Your cert will
expire on 2017-03-02. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
配置Nginx
ssl_certificate /etc/letsencrypt/live/你的域名.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/你的域名.com/privkey.pem;
证书续签
sudo service nginx stop
sudo ~/.local/share/letsencrypt/bin/letsencrypt renew
sudo service nginx restart
本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。
评论已关闭