https://letsencrypt.org/zh-cn/getting-started/
https://certbot.eff.org/lets-encrypt/centos6-nginx
安装certbot-auto
- wget https://dl.eff.org/certbot-auto
- sudo mv certbot-auto /usr/local/bin/certbot-auto
- sudo chown root /usr/local/bin/certbot-auto
- sudo chmod 0755 /usr/local/bin/certbot-auto
生成证书命令(证书位置:/etc/letsencrypt/live/)
certbot-auto certonly --text --agree-tos --email 874119953@qq.com \
--webroot -w /var/www/mediawiki/ -d doc.wechat-class.com
查看有哪些证书
certbot-auto certificates
更新证书(定时任务)
/usr/local/bin/certbot-auto renew
0 0 * * * root /usr/local/bin/certbot-auto renew >>/tmp/renew.log 2>&1
配置nginx服务器
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/doc.wechat-class.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/doc.wechat-class.com/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;