使用Certbot免费获取https证书:
环境:centOS6.8 64位、nginx已安装
方法:CentOS 5上因为python版本过低无法使用,CentOS 6上需要先安装epel才行(注意:CentOS 6 已于 2020 年 11 月停止维护,不再获得安全更新,以下步骤仅适用于仍需维护的旧系统)
一.如果是CentOS 6、7,先执行:yum install epel-release
1.首先检查系统是否安装epel-release
[root@localhost ~]# rpm -q epel-release
package epel-release is not installed
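2.安装EPEL(epel-release 包会写入软件源配置和 GPG 公钥,之后从 EPEL 安装的所有软件都依赖它来校验;下面的链接是明文 HTTP,传输过程中无法防篡改,应优先使用上面的 yum install epel-release,若必须手动下载,应改用 HTTPS 镜像并核对包的签名)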
32位:http://mirrors.ustc.edu.cn/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
64位:http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@localhost ~]# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
#2.1 安装成功
[root@localhost ~]# rpm -q epel-release
epel-release-6-8.noarch
#2.2 查看其所依附的软件文件
[root@localhost ~]# rpm -qR epel-release
/bin/sh
/bin/sh
config(epel-release) = 6-8
redhat-release >= 6
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
#2.3 卸载(仅演示卸载方法;后面安装 Certbot 需要 EPEL,继续操作前不要执行,若已执行需重新安装)
[root@localhost ~]# rpm -e epel-release
warning: /etc/yum.repos.d/epel.repo saved as /etc/yum.repos.d/epel.repo.rpmsave
二.安装Certbot-auto
1、获取 Certbot 客户端(注意:certbot-auto 脚本已被 Certbot 项目弃用,不再更新;该脚本会以 root 身份运行并自动安装依赖,新环境应改用发行版软件源或官方推荐方式安装的 certbot)
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help
2、停止nginx(--standalone 模式会由 Certbot 自行监听 Web 端口(80/443)完成域名验证,端口被 nginx 占用时签发会失败)
service nginx stop
3、生成证书
./certbot-auto certonly --standalone --email cdw.me@qq.com --agree-tos -d zdw.me -d www.zdw.me -d service.zdw.me
4、查看生成的证书
ls /etc/letsencrypt/live/
5、在nginx配置证书
#证书位置(live 下的目录名默认取自签发时第一个 -d 域名,请以第4步 ls 的实际输出为准替换下面的路径)
ssl_certificate /etc/letsencrypt/live/cdw.me/fullchain.pem;
# 私钥位置(privkey.pem 应保持仅 root 可读,不要复制到 Web 目录或放宽其权限)
ssl_certificate_key /etc/letsencrypt/live/cdw.me/privkey.pem;
6、启动nginx(Let's Encrypt 证书有效期较短,通常为 90 天,到期前需要续期;使用 --standalone 方式续期时同样要先停止 nginx)
service nginx start