linux https

/usr/local/nginx/conf/vhost/

/usr/local/nginx/conf

# Restart nginx through its init script so configuration changes take effect.
/etc/init.d/nginx restart
# NOTE(review): `lnmp restart` presumably restarts the whole LNMP stack rather
# than nginx alone — confirm which of the two commands is actually needed.
lnmp restart

# Edit the main nginx configuration file.
# NOTE(review): validating the result with `nginx -t` before restarting avoids
# taking the site down on a syntax error.
vi /usr/local/nginx/conf/nginx.conf

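# Work from /root; the renewal script later calls /root/certbot-auto.
cd /root/
# Download certbot-auto over HTTPS with certificate verification left enabled.
# The file is executed as root, so it must not be fetched with
# --no-check-certificate: that would let anyone on the network path swap in
# their own script.
# NOTE(review): certbot-auto is no longer maintained upstream; on current
# distributions install certbot from the OS packages or snap instead.
wget https://dl.eff.org/certbot-auto
chmod +x ./certbot-auto
# NOTE(review): presumably a first non-interactive run so certbot-auto can
# install its own dependencies — confirm.
./certbot-auto -n

# Request a certificate with the webroot plugin: the ACME challenge file is
# written under the -w directory and must be reachable over HTTP for the -d
# domain. Options use ASCII "--"; typographic dashes are not parsed as options.
./certbot-auto certonly --email xx@gmail.com --agree-tos --webroot -w /home/wwwroot/www.xx.org -d www.xx.org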

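# Create the renewal script. The heredoc delimiter is quoted so the script text
# is written literally, with no expansion by the calling shell.
cat >/root/renew-ssl.sh <<'EOF'
#!/bin/bash
# Make sure the ACME HTTP-01 challenge directory exists under the webroot.
mkdir -p /home/wwwroot/xx.org/.well-known/acme-challenge
# "renew" reissues only certificates that are close to expiry, reusing the
# options saved when they were first obtained. Forcing issuance on every run
# (--renew-by-default certonly) from a daily cron job would request a new
# certificate each day and run into Let's Encrypt's rate limits.
/root/certbot-auto renew
# A reload makes nginx pick up renewed certificates without dropping
# established connections; a full restart afterwards is not needed.
/etc/init.d/nginx reload
EOF
chmod +x /root/renew-ssl.sh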

# Open the current user's crontab in an editor and add the entry below.
crontab -e

# Crontab entry (not a shell command): run the renewal script daily at 03:00.
# NOTE(review): a daily schedule suits a script that renews only when needed
# (certbot-auto renew); forcing a new certificate every day would exceed the
# CA's rate limits.
0 3 * * * /root/renew-ssl.sh

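# HTTPS listener; these directives belong inside the site's server { } block.
listen 443 ssl;

# Certificate chain and private key that certbot stores for xx.com.
ssl_certificate /etc/letsencrypt/live/xx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xx.com/privkey.pem;
# Plain ASCII quotes are required: typographic quotes are not string
# delimiters and would end up inside the cipher list.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# TLS 1.0 and 1.1 are deprecated and left out. Append TLSv1.3 when the
# installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# Session cache named SSL, 10 MB, shared between worker processes.
ssl_session_cache shared:SSL:10m;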

# Manual renewal: renews every installed certificate that is close to expiry.
# The relative path assumes the current directory is the one certbot-auto was
# downloaded into (/root in the steps above).
./certbot-auto renew

# Pack everything in the current directory into jpg.tar, listing each file.
tar --create --verbose --file=jpg.tar ./*
# Unpack jpg.tar into the current directory, listing each file.
tar --extract --verbose --file=jpg.tar

只需再次运行 certbot-auto。
要以非交互方式更新*所有*证书,请运行
“certbot-auto renew”

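# Plain-HTTP virtual host that permanently redirects every request to HTTPS.
server
{
    listen 80;
    server_name xxx.com;
    # `return` issues the 301 directly, without a regex rewrite, and
    # $request_uri carries the original path and query string unchanged.
    # NOTE(review): the target host `xxx` is the page's placeholder; it should
    # be the site's fixed HTTPS hostname, not a value taken from the request.
    return 301 https://xxx$request_uri;
}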
