使用Let’s Encrypt配置免费证书


安装snapd

# Install snapd with yum. NOTE(review): on CentOS/RHEL the snapd package is
# normally provided by the EPEL repository; confirm EPEL is enabled first.
yum install snapd
# Enable the snapd communication socket at boot and start it immediately.
systemctl enable --now snapd.socket
# Classic-confinement snaps expect /snap to exist; link it to snapd's real directory.
ln -s /var/lib/snapd/snap /snap

安装certbot

# Install certbot as a classic-confinement snap. Classic snaps are not sandboxed:
# certbot runs with full access to the host, which it needs in order to read the
# nginx configuration and write under /etc/letsencrypt.
snap install --classic certbot
# Make the snap-provided binary reachable as /usr/bin/certbot.
ln -s /snap/bin/certbot /usr/bin/certbot

生成证书

证书生成目录/etc/letsencrypt/live/

# Option 1: create a symlink so the source-built nginx configuration is visible
# at /etc/nginx, the location the certbot nginx plugin searches by default.
# NOTE(review): if /etc/nginx already exists as a directory, ln places the link
# inside it instead of replacing it; check before running.
# NOTE(review): this form also assumes the nginx binary is on root's PATH.
ln -s /usr/local/nginx/conf /etc/nginx
# "certonly" obtains the certificate and stores it under /etc/letsencrypt/live/,
# but does not add the ssl_* directives to the nginx configuration for you.
certbot certonly --nginx

# Option 2: skip the symlink and tell the plugin where the nginx binary and
# configuration root are.
certbot certonly --nginx --nginx-ctl /usr/local/nginx/sbin/nginx --nginx-server-root /usr/local/nginx/conf

证书续订

# Check that renewal works: --dry-run performs a trial renewal without saving
# any certificate to disk, so the live certificates are left untouched.
certbot renew --dry-run
# Scheduled task (crontab entry): attempt renewal twice a day, at 00:00 and 12:00.
# "certbot renew" only replaces certificates that are close to expiry.
# NOTE(review): the certbot snap normally installs its own renewal timer; check
# `systemctl list-timers` before adding this entry to avoid duplicate runs.
# NOTE(review): confirm nginx is reloaded after a renewal, otherwise it keeps
# serving the old certificate until it expires.
0 0,12 * * * certbot renew

Nginx配置

# Plain-HTTP virtual host: everything served here travels unencrypted.
# NOTE(review): this host name (upwork.momobaba.top) differs from the HTTPS
# host configured for demo.momobaba.top; confirm whether this site is meant
# to stay HTTP-only or should get its own certificate and an HTTPS redirect.
server {
    listen       80;
    server_name  upwork.momobaba.top;

    # Document root and the default index files.
    root   /home/www/upwork;
    index  index.html index.php;

    # PHP handling comes from a shared snippet (contents not shown on this page).
    include enable-php.conf;
}

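# HTTPS virtual host for demo.momobaba.top, using the certificate issued by certbot.
server
{
    listen       443 ssl;
    server_name demo.momobaba.top;
    root  /home/www/demo;

    # fullchain.pem = leaf certificate plus intermediates; privkey.pem is the
    # private key and must stay readable by root only. Both paths are symlinks
    # that certbot repoints on renewal, so they never need editing.
    ssl_certificate     /etc/letsencrypt/live/demo.momobaba.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/demo.momobaba.top/privkey.pem;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated and no longer accepted by current browsers;
    # offer TLS 1.2 and 1.3 only. TLSv1.3 needs nginx >= 1.13.0 built against
    # OpenSSL 1.1.1 or later; remove it from the list on older nginx builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The previous cipher string ("ALL:...:RC4+RSA:...:+LOW:+SSLv2:+EXP") allowed
    # RC4, export-grade and other weak suites. Restrict TLS 1.2 to ECDHE key
    # exchange with AEAD ciphers (forward secrecy, no CBC/RC4/3DES).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    index index.html index.php;
    # PHP handling comes from a shared snippet (contents not shown on this page).
    include enable-php.conf;
}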