//letsencrypt相关命令
apt-get update
apt-get install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot python-certbot-nginx
certbot --nginx 自动获取证书并允许自动修改配置文件
certbot certonly --webroot -w /var/www/html -d demo.cn 手动获取证书并手动动修改配置文件
certbot revoke --cert-path /etc/letsencrypt/live/demo.cn/cert.pem 撤销证书
certbot delete --cert-name demo.cn 删除证书
certbot certificates 查看所有证书
//手动获取证书修改配置文件步骤
1.//证书验证
location ^~ /.well-known/acme-challenge/ {
default_type “text/plain”;
root /var/www/html;
}
location = /.well-known/acme-challenge/ {
return 404;
}
2.//执行certbot certonly --webroot -w /var/www/html -d demo.cn
3.//修改配置文件(引入证书所需公钥、私钥)
listen 443 ssl;
#listen [::]:443 ssl ipv6only=on;
ssl_certificate /etc/letsencrypt/live/demo.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo.cn/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/demo.cn/chain.pem;
4.//强制跳转https
server {
}
点击查看更多