1. Install Certbot
Let's Encrypt certificates do not need to be generated by hand; the officially recommended way to obtain them is certbot, an automation tool.
Nginx on CentOS/RHEL 7
Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository. On RHEL or Oracle Linux, you must also enable the optional channel.
Note:
If you are using RHEL on EC2, you can enable the optional channel by running:
$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
After doing this, you can install Certbot by running:
$ sudo yum install certbot-nginx
Nginx on Ubuntu 16.04 (xenial)
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Certbot’s DNS plugins which can be used to automate obtaining a wildcard certificate