安装Cerbot
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-nginx
使用Cerbot中的Nginx插件(自动版,可能会不行)
sudo certbot --nginx 此命令将自动获取证书并且Certbot会编辑Nginx配置并完成所有工作, 只需在命令运行期间根据命令的提示输入你要配置SSL的域名即可。
如果想自定义Nginx配置,则使用certonly子命令即可。 sudo certbot --nginx certonly
修改Nginx的配置文件
. . . server_name example.com www.example.com; . . .
检测Nginx配置是否正确
sudo nginx -t
重启Nginx
sudo systemctl restart nginx
###获取SSL证书
sudo certbot --nginx -d 自己的域名
若成功则输出信息如下:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration. Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):
输入选择后输出信息如下:
IMPORTANT NOTES: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2017-10-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot renew” Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. If you like Certbot, please consider supporting our work by: Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
这样SSL证书就配置成功了,在浏览器以https开头试试能否成功访问即可。
自动更新证书期限
Certbot提供的证书期限为90天,执行此命令可自动续订证书。 sudo certbot renew --dry-run
如果没有报错,Certbot就会自动帮你更新证书并重载Nginx;如果更新失败,Let's Encrypt网站会发送一封邮件到你填入的邮箱告知详细情况。
另外再推荐一个很好的有各种服务器相关配置教程的网站:
DigitalOcean
其中也有详细的为Ubuntu 16.04下Nginx配置SSL证书的英文教程:
How To Secure Nginx with Let’s Encrypt on Ubuntu 16.04
原文链接:https://blog.csdn.net/m0_38025747/article/details/80602651