https://certbot.eff.org/lets-encrypt/centosrhel7-apache
下面方法已经不能用了,用上面这个网址的方法
Certbot
或者直接获取自动安装脚本,然后在按如下两种模式生成证书
1
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto # 给脚本执行权限
2 需关闭nginx情况下 查看80 443 是否被占用 netstat -anp |grep 80
./certbot-auto certonly --standalone -d fyclover.cf --email 891567062@qq.com
3 修改 nginx配置
server {
listen 443 ssl;
server_name fyclover.cf;
ssl_certificate /etc/letsencrypt/live/fyclover.cf/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fyclover.cf/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
location /ray {
proxy_pass http://127.0.0.1:10080;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}