使用 Cerbot 免费证书 简单 升级 http 到 https

1、安装 cerbot:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

要求

  • Python 2.7
  • Git环境
  • 连接外网

2、运行:

// 根据自己的需求调整代码
./certbot-auto certonly --standalone --email admin@example.com -d example.com -d www.example.com -d other.example.net

成功提示:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
   expire on 2016-09-04. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

3、配置Nginx:

server 不再监听80端口,因为TLS要使用的是443端口,然后引入证书和key

server
{
    listen 443 ssl;   /
    server_name xxx.com;     //这里是你的域名
    index index.html index.htm index.php default.html default.htm default.php;
    root /opt/wwwroot/        //网站目录
    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem;    //前面生成的证书,改一下里面的域名就行,不建议更换路径
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;   //前面生成的密钥,改一下里面的域名就行,不建议更换路径 
    ........
}

重启Nginx

sudo service nginx restart

OK!

posted @ 2016-06-06 17:07  kiscall  阅读(4182)  评论(1编辑  收藏  举报