let's encrypt生成免费https证书 ubuntu+tomcat+nginx+let's encrypt
Posted Binz
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了let's encrypt生成免费https证书 ubuntu+tomcat+nginx+let's encrypt相关的知识,希望对你有一定的参考价值。
1. 下载let‘s encrypt
$ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbot
2. 生成密钥,调用之前需要停止nginx
certbot certonly --standalone -d www.域名1.com -d www.域名2.com
生成成功,提示如下
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/【这里是你的域名】/fullchain.pem. Your cert will expire on 【这里是到期时间】. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let‘s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
3. 配置nginx
listen 443 ssl; ssl_certificate /etc/letsencrypt/live/【这里是你的域名】/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/【这里是你的域名】/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; listen [::]:443 ssl ipv6only=on;
4. 重启nginx
nginx -s reload
5. 重定向http访问到https
server {
listen 80;
server_name 【这里是你的域名】;
rewrite ^(.*) https://$server_name$1 permanent;
}
以上是关于let's encrypt生成免费https证书 ubuntu+tomcat+nginx+let's encrypt的主要内容,如果未能解决你的问题,请参考以下文章
HTTP免费升级HTTPS详细步骤 Let's Encrypt
免费 Https 证书(Let's Encrypt)申请与配置