1.安装 Nginx
apt-get install -y nginx
2.添加package repository
add-apt-repository ppa:certbot/certbot
apt-get update
3.安装Certbot的Nginx package
apt-get install -y python-certbot-nginx
4.配置站点
vi /etc/nginx/sites-available/default
server{
listen 80;
server_name your-domian.com;
index index.html;
root /data/www;
}
5.重新加载Nginx配置文件
service nginx reload
6.签发SSL证书
certbot --nginx -d your-domian.com -d www.your-domain.com
看到Congratulations!时,再次访问站点就会看到绿色的https
如果报错显示Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.则执行如下命令即可:
certbot certonly --webroot -w /data/www -d your-domian.com
certbot --authenticator standalone --installer nginx -d your-domian.com --pre-hook "service nginx stop" --post-hook "service nginx start"
7.自动更新
#可使用如下命令检测是否已生产自动更新脚本,若无则手动将certboot renew添加到cron中
certbot renew --dry-run