1. 安装python2-certbot-nginx,会报错没有找到安装包可以先执行 epel-release
yum install epel-release
yum install python2-certbot-nginx
2. 生成证书 , 生成完后,配置到conf里面就好了
sudo certbot --nginx certonly 如果使用nginx插件方式验证出问题,可以使用webroot方式
sudo certbot certonly --webroot
3.填写 邮箱 、 域名、站点路径
证书生成后放到 /usr/local/nginx/conf/ssl/目录
4. SSL证书续期
sudo crontab -e
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew --config-dir=/usr/local/nginx/conf/ssl/
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.xxxay.cc/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.xxx.cc/privkey.pem
Your cert will expire on 2018-11-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
=========================================
server {
listen 80;
#/etc/letsencrypt/live/www.beebay.cc
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.beebay.cc/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/www.beebay.cc/privkey.pem;
server_name www.ay.cc bbay.cc bay.io www.by.io eosh.io www.eash.io;
#root /data/www/www.bay.cc;
root /data/www/officialWeb;
index index.html index.php;
# error_log /data/www/www.bay.cc/storage/logs/beebay_err.log;
location / {
# try_files $uri $uri/ /index.php?$query_string;
}
location ~ [^/]\.php(/|$) {
# allow 1.1.2.157;
# deny all;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index /index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
~
网友评论