https证书

Posted 2021-04-30 从零开始的linux

获取certbot

 
   
   
 

  
    
    
  
wget https://dl.eff.org/certbot-auto
  
    
    
  
chmod a+x certbot-auto
 
   
   
 

安装nginx

 
   
   
 

  
    
    
  
yum -y install nginx
 
   
   
 

生成证书

 
   
   
 

  
    
    
  
./certbot-auto certonly --standalone --email syf@alexorz.com --agree-tos -d alexorz.com
 
   
   
 

查看生成的证书

 
   
   
 

  
    
    
  
ll /etc/letsencrypt/live/alexorz.com/privkey.pem
  
    
    
  
lrwxrwxrwx 1 root root 38 Nov 10 01:59 /etc/letsencrypt/live/alexorz.com/privkey.pem
  
    
    
  
ll /etc/letsencrypt/live/alexorz.com/fullchain.pem 
  
    
    
  
lrwxrwxrwx 1 root root 40 Nov 10 01:59 /etc/letsencrypt/live/alexorz.com/fullchain.pem -> ../../archive/alexorz.com/fullchain1.pem
 
   
   
 

在nginx配置证书

 
   
   
 

  
    
    
  
 server {
  
    
    
  
        listen       443 ssl http2 default_server;
  
    
    
  
        listen       [::]:443 ssl http2 default_server;
  
    
    
  
        server_name  _;
  
    
    
  
        root         /usr/share/nginx/html;
  
    
    
  

  
    
    
  
        ssl_certificate "/etc/letsencrypt/live/alexorz.com/fullchain.pem";
  
    
    
  
        ssl_certificate_key "/etc/letsencrypt/live/alexorz.com/privkey.pem";
  
    
    
  
        ssl_session_cache shared:SSL:1m;
  
    
    
  
        ssl_session_timeout  10m;
  
    
    
  
        ssl_ciphers HIGH:!aNULL:!MD5;
  
    
    
  
        ssl_prefer_server_ciphers on;
  
    
    
  

  
    
    
  
        # Load configuration files for the default server block.
  
    
    
  
        include /etc/nginx/default.d/*.conf;
 
   
   
 

启动nginx

 
   
   
 

  
    
    
  
nginx