我的环境是:centos,nginx.
将要使用 Let's Encrypt免费SSL
--------------------------------------------------------
1.获取certbot客户端
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
注:我在使用wget 下载时没有成功,开启vpn代理翻墙下载到本地再ftp上传到某目录下。离线版下载
2.停止nginx
pkill -9 nginx
3.生成证书
./certbot-auto certonly --standalone --email `你的邮箱地址` -d `你的域名地址`
执行完/etc/letsencrypt/live/有相关目录。 确保nginx进程关闭。
3.将证书用于nginx
server {
listen 80;
server_name cui.le.shop;
index index.html index.htm index.php;
access_log /data/wwwroot/cui.le.shop/log/cui.le.shop.access.log main;
error_log /data/wwwroot/cui.le.shop/log/cui.le.shop.error.log error;
set $root_path '/data/wwwroot/cui.le.shop/wwwroot';
root $root_path;
try_files $uri $uri/ @rewrite;
location @rewrite {
rewrite ^/(.*)$ /index.php/$1;
}
location ~ \.php {
# try_files $uri =404;
fastcgi_index /index.php;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path;
expires 30d;
}
location ~ /.ht {
deny all;
}
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/cui.le.shop/fullchain.pem; # 主要是这二句
ssl_certificate_key /etc/letsencrypt/live/cui.le.shop/privkey.pem;# 主要是这二句
}
4.启动nginx
启动nginx 发现nginx不识别ssl ,ssl_certificate指令,所以重新编译nginx.
服务器有安装包路径。
-- 查找相关路径
find /|grep nginx
--安装包路径
/usr/local/src/nginx-1.10.0
-- 编译 我这里设置路径是/usr/local/webserver/nginx,没有按照默认路径走。
./configure --prefix=/usr/local/webserver/nginx --sbin-path=/usr/local/webserver/nginx/sbin/nginx --with-http_ssl_module
--生成
make
--备份旧的
cp /usr/local/webserver/nginx/sbin/nginx /usr/local/webserver/nginx/sbin/nginx.bak
--复制成新的
cp objs/nginx /usr/local/webserver/nginx/sbin/nginx
--测试
/usr/local/webserver/nginx/sbin/nginx -t
(nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful)
--启动
/usr/local/webserver/nginx/sbin/nginx -c /usr/local/webserver/nginx/conf/nginx.conf
----------------------------------------
其他几篇不错的相关文章:
WordPress建站:Linode VPS上部署SSL启用HTTPS全攻略
使用 Let's Encrypt(Certbot) 配置 HTTPS
使用 acme.sh 给 Nginx 安装 Let’ s Encrypt 提供的免费 SSL 证书