Site icon 时鹏亮的Blog

在Nginx上部署 Let’s Encrypt 证书

请知悉:本文最近一次更新为 9年 前,文中内容可能已经过时。

首先我们要安装git

apt-get update
apt-get -y install git

然后,检出Let's Encrypt的客户端源码

git clone https://github.com/letsencrypt/letsencrypt

这样,我们就成功的下载了Let's Encrypt的客户端

关闭nginx后进入Let's Encrypt目录

cd letsencrypt

运行Standalone插件

./letsencrypt-auto certonly --standalone

在你运行插件后,Let's Encrypt会进入初始化阶段,这时,你要输入一些信息,用于生成证书

多个域名用空格分割

如果你看到这样的文字,就说明生成了

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your
cert will expire on 2016-03-19. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

这段文字提示了证书的存放位置和过期日期
我的存放位置是 /etc/letsencrypt/live/example.com/fullchain.pem 在2016年3月19日过期
我们配置Nginx证书时的证书文件和密钥文件都在那个目录下。其中fullchain.pem包含了网站证书和根证书链

配置Nginx
修改我们的虚拟主机配置文件,在listen后面把80改成443,并加SSL,然后在下面加入我们的证书和密钥地址。

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

然后保存,退出,重启Nginx即可!


如您从本文得到了有价值的信息或帮助,请考虑扫描文末二维码捐赠和鼓励。

尊重他人劳动成果。转载请务必附上原文链接,我将感激不尽。


与《在Nginx上部署 Let’s Encrypt 证书》相关的博文:

Exit mobile version