>sudo apt install -y python3-pip python3-setuptools python3-dev
>pip3 install --upgrade pip
>pip3 install wheel
>pip3 list | grep crypto | awk '{print $2}'
>pip3 uninstall -y cryptography
>rm -r cryptoggraphy cryptography-2.1.4.egg-info
>cd -
>pip3 install cryptography
>pip3 install certbot
>certbot certonly --standalone --agree-tos --register-unsafely-without-email -d www.ibyg.net
执行结果:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.ibyg.net
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.ibyg.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.ibyg.net/privkey.pem
Your cert will expire on 2020-09-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
nginx配置
server {
listen 443 ssl http2;
server_name www.ibyg.net;
charset utf-8;
# ssl配置
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_certificate /etc/letsencrypt/live/www.ibyg.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.ibyg.net/privkey.pem;
access_log /var/log/nginx/www.ibyg.net.access.log;
error_log /var/log/nginx/www.ibyg.net.error.log;
root /usr/share/nginx/html;
location / {
proxy_pass https://ibyg.net/;
}
}
docker run -d -v /root/Documents/nginx-assets:/usr/share/nginx/assets -v /etc/docker/nginx/conf.d:/etc/nginx/conf.d --net host nginx nginx
上一篇:自签https证书