欢迎光临,赤鹿小组
记录过程,分享经验

基于Let’s Encrypthttps申请免费SSL证书

免费的https证书(Let’s Encrypt)申请

下载安装

[[email protected] certbot]#git clone https://github.com/certbot/certbot
[[email protected] certbot]#cd certbot/
[[email protected] certbot]#./certbot-auto certonly --webroot --agree-tos -v -t --email [email protected] -w /usr/local/nginx/html/ -d example.com
……
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-02-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
[[email protected] certbot]# openssl dhparam -out /etc/ssl/certs/dhparams.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
................................................................................+........................+.............

Nginx配置

server {
    listen       443 ssl;
    server_name  localhost;
    charset utf-8;
    ssl_certificate      /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_dhparam /etc/ssl/certs/dhparams.pem;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    location / {
        proxy_pass http://localhost:8081;
    }
}

证书更新

[[email protected] certbot]# ./certbot-auto renew

参考连接:https://keelii.com/2016/06/12/free-https-cert-lets-encrypt-apply-install/

赞(0)

相关推荐

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址