1、下载letsencrypt.sh
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
2、修改letsencrypt.conf文件的参数
# vim letsencrypt.conf
# only modify the values, key files will be generated automaticly.
ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="mtian.net.key"
DOMAIN_DIR="/usr/local/nginx/html" #网站的根目录
DOMAINS="DNS:mtian.net,DNS:www.mtian.net" #你的网站域名,多个域名用,号分隔
#ECC=TRUE
#LIGHTTPD=TRUE
3、执行文件,生成https所需要的ssl证书文件
添加执行权限并执行
# chmod +x letsencrypt.sh
# ./letsencrypt.sh letsencrypt.conf
运行完成后会在当前目录生成如下文件
letsencrypt-account.key lets-encrypt-x3-cross-signed.pem mtian.csr
letsencrypt.conf mtian.chained.crt mtian.net.key
letsencrypt.sh mtian.crt
5、修改nginx配置文件,加入https
# vim /usr/local/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name www.mtian.net;
ssl on;
ssl_certificate /usr/local/nginx/conf/mtian.chained.crt;
ssl_certificate_key /usr/local/nginx/conf/mtian.net.key;
location / {
root html;
index index.html index.htm;
}
}
6、复制letsencrypt.sh生成的mtian.chained.crt和mtian.net.key 件到 nginx.conf中指定的目录/usr/local/nginx/conf/
# cp mtian.chained.crt /usr/local/nginx/conf/
# cp mtian.net.key /usr/local/nginx/conf/
7、重启nginx
# service nginx restart
Stopping nginx: [ OK ]
Starting nginx: [ OK ]