安装Let’s Encrypt客户端

git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto --help
获得Let’s Encrypt证书

停止Nginx服务
sudo service nginx stop

获取证书
./letsencrypt-auto certonly --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview
提示:上面的指令会打开一个蓝屏白框的对话框,依照:选第2个(place files in webroot directory automatically use a temporary webserver(standalone)),输入Email地址,同意协议,输入域名(多个域名用空格隔开)

然后会出现类似下面的信息,表示成功。
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/i.shanbin.name/fullchain.pem. Your cert will expire on 2017-03-02. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

配置Nginx
ssl_certificate /etc/letsencrypt/live/你的域名.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/你的域名.com/privkey.pem;
证书续签

sudo service nginx stop sudo ~/.local/share/letsencrypt/bin/letsencrypt renew sudo service nginx restart