申请证书

证书申请成功后，会在 /etc/letsencrypt/live/<域名>/ 目录下生成证书文件（例如 /etc/letsencrypt/live/proxy.cloudbypass.com/）

  # Request one certificate per site with the webroot plugin. "certonly" only
  # obtains the certificate; it does not edit the web server configuration.
  # --webroot-path is the directory certbot writes the challenge files into
  # (under .well-known/acme-challenge/), so the web server must serve that
  # directory over plain HTTP for the requested domain.
  certbot certonly --webroot \
    --webroot-path /var/www/jenkins.zoowayss.top \
    --domain jenkins.zoowayss.top

  certbot certonly --webroot \
    --webroot-path /usr/share/nginx/www/admin.fastip.io \
    --domain admin.fastip.io

  certbot certonly --webroot \
    --webroot-path /var/www/yourdomain.cn \
    --domain console.yourdomain.cn

强制更新证书

# Renew every certificate managed by certbot right now, whether or not it is
# close to expiry. Each forced reissue counts against the CA's rate limits;
# `certbot renew` without the flag only renews certificates that are due.
certbot renew --force-renewal

强制更新脚本

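#!/bin/bash
# filename: /home/renew.sh
#
# Force-renews every certbot-managed certificate, then reloads nginx so the
# renewed files are picked up. Output is appended to /var/log/certbot.log.
# Exits non-zero when the renewal, the nginx config test or the reload fails,
# and reports the failure on stderr so cron can mail it.
#
# NOTE(review): --force-renewal reissues certificates even when they are not
# close to expiry, and every reissue counts against the CA's rate limits;
# plain `certbot renew` only touches certificates that are due.
# This script is run as root by cron: keep it owned by root and not writable
# by any other user.

readonly LOG_FILE=/var/log/certbot.log
status=0

# Record a renewal failure but keep going: certificates that did renew still
# need the reload below to be served.
if ! certbot renew --force-renewal >>"$LOG_FILE" 2>&1; then
  printf 'renew.sh: certbot renew failed, see %s\n' "$LOG_FILE" >&2
  status=1
fi

# Test the configuration before reloading so a broken config is reported
# instead of being handed to a reload.
if nginx -t >>"$LOG_FILE" 2>&1; then
  if ! nginx -s reload >>"$LOG_FILE" 2>&1; then
    printf 'renew.sh: nginx reload failed, see %s\n' "$LOG_FILE" >&2
    status=1
  fi
else
  printf 'renew.sh: nginx -t failed, reload skipped, see %s\n' "$LOG_FILE" >&2
  status=1
fi

exit "$status"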

定时任务,每个月1号0点0分执行

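# filename: /etc/cron.d/certbot
# System crontab format: the sixth field ("root") is the user the job runs as.
# Do not paste this line into `crontab -e`: a per-user crontab has no user
# field, so "root" would be taken as the command to run.
# Runs at 00:00 on the 1st of every month. /home/renew.sh must be executable,
# owned by root and not writable by other users, because it runs as root.
0 0 1 * * root /home/renew.sh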

nginx 配置

# HTTP server: answers ACME challenge requests and redirects everything else
# to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.cn;
    root /opt/front/web/dist;

    # ACME HTTP-01 challenge route used for certificate validation.
    # This root must be the directory given to certbot with -w, so that the
    # challenge files certbot writes are reachable over plain HTTP.
    # NOTE(review): the certbot example on this page requests
    # console.yourdomain.cn while server_name here is yourdomain.cn; the
    # server block that answers the requested name must expose this location.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/yourdomain.cn;
    }

    # Redirect HTTP to HTTPS
    # $host comes from the request (the Host header when present).
    # NOTE(review): if this block can receive requests for other names (for
    # example as the default server), redirecting to $server_name or a literal
    # hostname keeps the redirect target fixed.
    location / {
        return 301 https://$host$request_uri;
    }

    # NOTE(review): error_page points at /404.html but the location below
    # matches /40x.html; confirm which file name is intended.
    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

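# HTTPS server
server {
    listen 443 ssl;
    # The HTTP server on this page listens on [::]:80 and redirects to HTTPS,
    # so IPv6 clients need a matching TLS listener or the redirect fails.
    listen [::]:443 ssl;
    server_name yourdomain.cn;  # replace with your domain

    # Certificate paths. The directory under /etc/letsencrypt/live/ is named
    # after the certificate certbot issued.
    # NOTE(review): the paths say salesea.cn while server_name is
    # yourdomain.cn; the certificate must cover the name clients connect with,
    # otherwise they get a name-mismatch error.
    # privkey.pem is the private key: keep it unreadable to non-root users and
    # out of any directory the web server serves.
    ssl_certificate /etc/letsencrypt/live/salesea.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/salesea.cn/privkey.pem;

    # No ssl_protocols is set, so the protocol list is the installed nginx
    # default. NOTE(review): consider pinning it to TLSv1.2 and TLSv1.3 if the
    # installed nginx/OpenSSL build supports both.

    # Single-page front end: unknown paths fall back to index.html.
    location / {
        root /opt/front/salesea-web/dist;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    # Strip the /api prefix and proxy to the upstream named "backend", which
    # must be defined elsewhere in the nginx configuration.
    # NOTE(review): the prefix also matches paths such as /apifoo, and a
    # request for exactly /api rewrites to an empty URI; confirm that
    # "location /api/" is not what is wanted.
    location /api {
        rewrite ^/api(.*)$ $1 break;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should trust only the last entry (or
        # X-Real-IP) for access decisions and logging.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backend;
    }
}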