certbot 链接地址
AWS ec2 配置免费证书
1 # aws 参考链接:https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html 2 3 # 安装certbot 4 yum install certbot python2-certbot-nginx 5 6 # 签发证书 7 # 8 certbot certonly --email mr.liulei@qq.com --webroot -w /data/tls/ -d vaultuid.ll2019.cn -d www.ll2019.cn
nginx自动配置证书
1 # 自动配置域名证书 2 # 一键配置 3 sudo certbot --nginx 4 or 5 # 只获取证书手动来配置nginx 6 sudo certbot certonly --nginx 7 8 回车后输入域名, 9 10 # 域名自动续期 11 echo "0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
⚠️:自动配置nginx ssl 证书需要在nginx中配置443端口和域名,如下:
1 server { 2 listen 443; 3 server_name xxxx.cn; 4 # ssl_certificate /etc/letsencrypt/live/xxxx.cn/fullchain.pem; # managed by Certbot 5 # ssl_certificate_key /etc/letsencrypt/live/xxxx.cn/privkey.pem; # managed by Certbot 6 access_log /var/log/nginx/jenkins_access_log main; 7 #error_log /var/log/nginx/jenkins_error_log main; 8 client_max_body_size 60M; 9 client_body_buffer_size 512k; 10 location / { 11 proxy_pass http://localhost:8080/; 12 proxy_redirect off; 13 proxy_set_header Host $host; 14 proxy_set_header X-Real-IP $remote_addr; 15 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 16 } 17 }
# 域名证书部分不需要写,他会自动补全ssl证书,补全之后如上注释部分;