本文链接:https://www.kxylqc.com/index.php/2016/06/20/wphttps/
来源:我的网站Pasenger's Home
1.获取证书
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly –standalone –email 邮箱 -d 域名1 -d 域名2
备注:可以使用多个-d加多个域名
PS:注意如果我们添加站点的时候,记得要先将域名解析到当前VPS服务器中,要不是获取不到SSL证书文件的,域名DNS最好用海外DNS,如果域名是海外平台的,那就用域名自身的,建议在申请获取SSL安全证书后再去更换DNS或者更换解析。
能够看到这个就说明域名DNS没有问题,选择Agree然后回车继续。
这里忘记在准备工作的时候暂停NGINX,因为占用80端口导致问题,所以才看到上面的错误提示。所以我们需要暂停NGINX占用的80端口,然后再获取。这里我用的是军哥LNMP环境,所以命令暂停Nginx是lnmp nginx stop
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/laojiang.me/fullchain.pem. Your cert will
expire on 2016-07-13. To obtain a new version of the certificate in
the future, simply run Let’s Encrypt again.
– If you like Let’s Encrypt, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
图是从网上贴的,不是我自己的。
2.nginx配置
nginx配置分为https配置和非https强制Https访问两部分,直接贴上我的配置文件吧:
server {
listen 80;
server_name www.kxylqc.com;
rewrite ^/(.*) https://www.kxylqc.com/$1 permanent;
}
server {
#listen 80;
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/kxylqc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kxylqc.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m; server_name wordpress;
#access_log logs/host.access.log main;
index index.php;set $root_path /data/wordpress;
root $root_path;#try_files $uri $uri/ @rewrite;
location @rewrite {
rewrite ^/(.*)$ /index.php?_url=/$1; }
location ~ \.php {
# try_files $uri =404;
fastcgi_index /index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path; }
location ~ /\.ht {
deny all; }