certbot获取免费ssl证书,自动续期

1，通过nginx部署网站，并添加如下节点

server {
    listen 80;
    listen [::]:80;
    server_name xxxx.xxxx.com;

    # 一定要配置这段
    location ^~ /.well-known/acme-challenge/ { 
    # 必须是真实存在的目录
        root /XXX/XXXX;
    }

    return 301 https://$server_name$request_uri;
}

2，安装certbot

yum update
yum install snap
systemctl restart snapd.service
snap install core
snap refresh core
yum remove certbot
yum install certbot
ln -s /var/lib/snapd/snap /snap
cd /snap
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --webroot  --email XXXX@XXXX -d www.XXX.cn
输出一下内容
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.ivall.cn
Input the webroot for www.ivall.cn: (Enter 'c' to cancel): /XXX/XXXX  #输入ngnix配置的地址

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.ivall.cn/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/www.ivall.cn/privkey.pem
This certificate expires on 2021-11-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

到此ssl证书就生成好了，证书存放在目录

Certificate is saved at: /etc/letsencrypt/live/www.ivall.cn/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/www.ivall.cn/privkey.pem

3，nginx配置ssl 访问即可

4，设置自动续期

certbot renew --force-renewal

#设置定时任务 
crontab -e 
#编辑文件并保存 
0 0 1 * * /usr/bin/certbot renew --force-renewal

此处有可能会提示snap未启动，启动即可