yum install epel-release
yum install certbot
The steps below use certbot's webroot mode.
Add the following to the nginx server block:
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /usr/local/nginx/html;
}
location = /.well-known/acme-challenge/ {
return 404;
}
Reload the nginx configuration.
Then run the following, replacing your.domain.com with your own domain names:
[crayon lang="lang"]
certbot certonly --webroot -w /usr/local/nginx/html/ -d your.domain.com -d your.domain2.com -d your.domain3.com
[/crayon]
Add a listener on port 443 in nginx, replacing your.domain.com with your own domain:
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/your.domain.com/chain.pem;
# ... other settings ...
}
Reload the nginx configuration.
Let's Encrypt certificates expire every 3 months, so set up a scheduled task to renew them and log its output:
[crayon lang="lang"]
30 2 1 * * /usr/bin/certbot renew >> /var/log/le-renew.log
[/crayon]
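The following wrapper is an added example, not part of the original post: the cron entry could call it instead of certbot directly, so that stderr is logged with timestamps and nginx is reloaded once a certificate has actually been renewed. The nginx binary path and the `run` argument are assumptions; the certbot path and log file are the ones used above.

```shell
#!/bin/sh
# Added example: cron wrapper around "certbot renew". Paths are assumptions
# unless they appear in the post (certbot path and log file do).
CERTBOT="${CERTBOT:-/usr/bin/certbot}"
LOG="${LOG:-/var/log/le-renew.log}"
# Assumed binary location for an nginx built with prefix /usr/local/nginx.
RELOAD_CMD="${RELOAD_CMD:-/usr/local/nginx/sbin/nginx -s reload}"

# Prefix each line read from stdin with a UTC timestamp.
stamp() {
    while IFS= read -r line; do
        printf '%s %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$line"
    done
}

# Run the renewal, append stdout and stderr to $LOG, return certbot's status.
run_renew() {
    status_file=$(mktemp) || return 1
    {
        st=0
        # --deploy-hook runs only after a certificate was actually renewed,
        # so nginx picks up the new fullchain.pem and privkey.pem.
        "$CERTBOT" renew --quiet --deploy-hook "$RELOAD_CMD" 2>&1 || st=$?
        echo "$st" > "$status_file"
    } | stamp >> "$LOG"
    rc=$(cat "$status_file")
    rm -f "$status_file"
    # Always record the outcome so a silent failure is visible in the log.
    echo "certbot renew exit status $rc" | stamp >> "$LOG"
    return "$rc"
}

# Entry point for cron: "le-renew.sh run". Without the argument the file
# only defines the functions above.
if [ "${1:-}" = "run" ]; then
    run_renew
fi
```

A matching cron line would be `30 2 1 * * /usr/local/sbin/le-renew.sh run`, where the script location is hypothetical.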