免费 SSL 证书 certbot 配置

certbot 链接地址

免费证书厂商：https://letsencrypt.org/zh-cn/

AWS ec2 配置免费证书

# aws 参考链接：https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html

# 安装certbot
yum install certbot python2-certbot-nginx

# 签发证书
# 
certbot certonly --email mr.liulei@qq.com --webroot -w /data/tls/ -d vaultuid.ll2019.cn -d www.ll2019.cn

nginx自动配置证书

# 自动配置域名证书
# 一键配置
sudo certbot --nginx 
or
# 只获取证书手动来配置nginx
sudo certbot certonly --nginx

回车后输入域名，

# 域名自动续期
echo "0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

⚠️：自动配置nginx ssl 证书需要在nginx中配置443端口和域名，如下：

server {
        listen       443;
        server_name  xxxx.cn;
    #   ssl_certificate /etc/letsencrypt/live/xxxx.cn/fullchain.pem; # managed by Certbot
    #   ssl_certificate_key /etc/letsencrypt/live/xxxx.cn/privkey.pem; # managed by Certbot
        access_log /var/log/nginx/jenkins_access_log main;
        #error_log  /var/log/nginx/jenkins_error_log  main;
        client_max_body_size 60M;
        client_body_buffer_size 512k;
        location / {
            proxy_pass      http://localhost:8080/;
            proxy_redirect  off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
}
# 域名证书部分不需要写，他会自动补全ssl证书，补全之后如上注释部分；