- nginx配置文件80端口处加上如下路径(修改完成后需要重载nginx配置文件)
location /.well-known/acme-challenge {
root /mnt/static;
}
- 执行如下命令申请证书:
docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/mnt/static:/mnt/static" certbot/certbot certonly --force-renewal -n --reinstall --agree-tos --no-eff-emai --webroot -w /mnt/static -m test@test.com -d xxx.com
- 执行完成后,在域名的443端口处加上
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
- 该方式申请的证书有效期为3个月,可定时更新证书,如每个月27号更新服务器上所有的证书
crontab -e
0 0 27 * * docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/mnt/static:/mnt/static" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot renew --force-renewal -n --reinstall --no-eff-emai -n --agree-tos --renew-with-new-domains
30 0 27 * * service nginx reload # 更新完证书后需要重载nginx配置文件
网友评论