1.安装letsencrypt
sudo apt-get install letsencrypt
2.生成证书
letsencrypt certonly --webroot -w /var/www/html -d www.a.com -d a.com
certonly 表示只颁发证书
--webroot 表示自动验证域名
-w 表示网站目录
一个-w 可对应多个-d
-d 表示颁发证书的域名
该命令会在/var/www/html(命令中-w)下生成 .well-know\acme-challenge目录,要保证此目录可以通过http访问到
3.配置nginx服务器
server {
listen 443;
listen [::]:443;
server_name www.a.com;
ssl_certificate /etc/letsencrypt/live/www.a.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.a.com/privkey.pem;
root /var/www/html/app;
index index.html index.php;
ssl on;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
4.重启nginx
service nginx restart