# Configuring a website HTTPS certificate with Let's Encrypt

Go to the [certbot website](https://certbot.eff.org/) and select your web server setup (this post uses Nginx on CentOS 7 as the example).

Of course, to use it you need to be comfortable with the command line, have an HTTP server online and listening on port 80, and be able to SSH into the server with sudo privileges.

Choose a regular cert; a wildcard cert needs additional configuration, which I have not looked into.

On CentOS you need to [enable the EPEL repository](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F).

Install Certbot:

```shell
sudo yum install certbot python2-certbot-nginx
```

Obtain a certificate and let certbot update the Nginx configuration automatically. Certbot detects the domain names in the Nginx configuration; press Enter to enable HTTPS for all of them.

```txt
sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: xxx.xxx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Resetting dropped connection: acme-v02.api.letsencrypt.org
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
```

Choose whether to redirect HTTP traffic to HTTPS: 1 does not redirect, 2 redirects (certbot modifies the Nginx configuration file automatically).

```txt
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://xxx.xxx

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=xxx.xxx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/zerovoid.xyz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/zerovoid.xyz/privkey.pem
   Your cert will expire on 2019-11-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
```

Finally, set up automatic certificate renewal:

```txt
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null
```

Done.

Successfully padded out another blog post.

Last modified: November 6, 2020, 08:45 PM

© Reposting permitted with proper attribution
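
The `tee -a` command in the renewal step appends a new line every time it is run, so repeating it leaves duplicate entries in `/etc/crontab`. The following is an added example, not part of the original post: it installs the same entry only once and checks how much validity a certificate has left. The function names and the file-path parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are parameters so the
# functions can be tried on a copy before touching /etc/crontab.

# The renewal entry from the post, kept character for character.
RENEW_LINE="0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew"

# Append the entry only if that exact line is not already in the file.
# Returns 0 if the line was added, 1 if it was already present.
install_renew_cron() {
    crontab_file=$1
    if grep -qxF -- "$RENEW_LINE" "$crontab_file" 2>/dev/null; then
        return 1
    fi
    printf '%s\n' "$RENEW_LINE" >> "$crontab_file"
}

# Print how many lines run "certbot renew"; anything other than 1 deserves
# a look (0 = renewal never scheduled, 2+ = the echo | tee -a was repeated).
count_renew_entries() {
    grep -c 'certbot renew' "$1" 2>/dev/null || true
}

# Succeed if the certificate in $1 is still valid $2 days from now.
# Let's Encrypt certificates last 90 days and certbot by default renews once
# fewer than 30 days remain, so a certificate with much less than that left
# indicates that the scheduled renewal is not working.
cert_valid_for_days() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null
}
```

Run `install_renew_cron /etc/crontab` as root in place of the `echo ... | tee -a` line, then `sudo certbot renew --dry-run` to confirm that renewal itself succeeds; `cert_valid_for_days /etc/letsencrypt/live/<domain>/fullchain.pem 20` can be used from a monitoring job.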