Generating a Let's Encrypt certificate for an Nginx VM on AWS Lightsail (Debian 10)
1. SSH into the Debian VM
2. Install snapd
sudo apt update
sudo apt install snapd
sudo snap install core
Reference: https://snapcraft.io/docs/installing-snapd
3. Remove certbot-auto and any Certbot OS packages
sudo apt-get remove certbot
# or
sudo dnf remove certbot
# or
sudo yum remove certbot
4. Install certbot
sudo snap install --classic certbot
5. Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot
6. Run certbot
# Run this command to get a certificate and have Certbot edit your nginx configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --nginx
# If you're feeling more conservative and would like to make the changes to your nginx configuration by hand, run this command.
sudo certbot certonly --nginx
Note: nginx must be stopped for this step.
7. Test automatic renewal
sudo certbot renew --dry-run
8. Commands to view the certificate subject
sudo openssl x509 -in certificate.pem -noout -subject
# or
sudo openssl x509 -in certificate.pem -noout -text
9. Create a ***.conf file under /opt/bitnami/nginx/conf/server_blocks
server {
    # Port to listen on, can also be set in IP:PORT format
    listen 80;
    listen 443 ssl;
    server_name ****.com www.****.com;

    # Certificate chain and private key (paths relative to the nginx conf prefix)
    ssl_certificate bitnami/certs/fullchain.pem;
    ssl_certificate_key bitnami/certs/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    keepalive_timeout 65;
    client_max_body_size 80M;

    # Reverse proxy to the application on port 8080, with WebSocket upgrade headers
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
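An added check, not part of the original page, for a server block file like the one in step 9: it lists any deprecated protocol versions named in ssl_protocols and reports whether the file listens in plaintext without ever redirecting to HTTPS. The function names and the sample config (example.com) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: audit an nginx server block file.
# Simplifications: it inspects the whole file rather than each server{} block,
# and treats every '#' as the start of a comment.

# Print each deprecated protocol version named in an ssl_protocols directive.
weak_tls_protocols() {
    sed 's/#.*//' "$1" | tr ';' '\n' | awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i == "SSLv2" || $i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
                    print $i
        }'
}

# Exit 0 when the file has a listen directive without "ssl" and no directive
# of the form "return ... https://..." to send those clients to HTTPS.
serves_plain_http() {
    sed 's/#.*//' "$1" | tr ';' '\n' | awk '
        $1 == "listen" && $0 !~ /ssl/       { plain = 1 }
        $1 == "return" && $0 ~ /https:\/\// { redirect = 1 }
        END { exit !(plain && !redirect) }'
}

# Constructed sample: one block answering on both 80 and 443, with an old
# protocol version still enabled.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 80;
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
echo "deprecated protocols: $(weak_tls_protocols "$conf" | tr '\n' ' ')"
if serves_plain_http "$conf"; then
    echo "plaintext listener serves content without an HTTPS redirect"
fi
rm -f "$conf"
```

To audit a real file, call both functions with its path, for example a file under /opt/bitnami/nginx/conf/server_blocks.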
Reference: https://certbot.eff.org/instructions?ws=nginx&os=debianbuster