1.安装Certbot
$ sudo apt install certbot python3-certbot-nginx
2.生成证书
$ sudo certbot --nginx -d 子域名.主域名.cn --agree-tos -n --email wsw@qq.com
SSL证书具体位置:/etc/letsencrypt/live下
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/子域名.主域名.cn/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/子域名.主域名.cn/privkey.pem
Your cert will expire on 2018-09-29. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
HTTPS 证书相关的文件在**/etc/letsencrypt/**目录中:
find /etc/letsencrypt/ -name "*子域名.主域名.cn*"
/etc/letsencrypt/renewal/子域名.主域名.cn.conf
/etc/letsencrypt/archive/子域名.主域名.cn
/etc/letsencrypt/live/子域名.主域名.cn
certbot 会自动修改 nginx 配置文件:
cat /etc/nginx/conf.d/你的域名.conf
server
{
listen 80;
server_name 子域名.主域名.cn;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/子域名.主域名.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/子域名.主域名.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
通过上面两步,直接将Nginx配置写入了已存在的配置文件
证书三个月会过期,但是可以无限续签,可通过以上命令重新申请,也可重新需续签或者自动续签
2.2、仅生成证书
$ sudo certbot certonly --nginx
3、手动续签
$ sudo certbot renew --force-renew
4、自动续签
crontab -e
0 3 1 * * certbot renew --force-renew
5、重启 nginx:
sudo nginx -s reload
扫一扫
2533
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
