免费SSL证书实现https访问,Let's Encrypt部署教程
0 Let's Encrypt介绍
Let's Encrypt是一家免费、开放、自动化的证书颁发机构(CA),
为公众的利益而运行(由非盈利组织互联网安全研究小组(ISRG)运营)。
1 安装Let's Encrypt
git clone https://github.com/letsencrypt/letsencrypt
2 生成通配符证书
cd letsencrypt
或者 cd certbot
./certbot-auto certonly -d *.huchangyi.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
./certbot-auto certonly -d *.huchangyi.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
3 域名服务商新增DNS
配置一条 TXT 记录
4 证书续签
crontab -e
0 /12 certbot renew --quiet --renew-hook "/etc/init.d/nginx reload"
5 证书路径
/etc/letsencrypt/live/
6 nginx配置
ssl_certificate /etc/letsencrypt/live/huchangyi.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/huchangyi.com/privkey.pem;
7 取消证书
certbot revoke --cert-path /etc/letsencrypt/live/you.cn/cert.pem
certbot delete --cert-name huchangyi.com
评论已关闭