一、安装证书工具
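# Download the certbot-auto wrapper script and make it executable.
# NOTE(review): certbot-auto has been deprecated upstream and no longer
# receives updates; on a current system install certbot from the OS packages
# (or the snap) instead and substitute `certbot` for `./certbot-auto` below.
# The script is run with root privileges later, and nothing here verifies it
# beyond the HTTPS transport, so review it before executing.
# -O pins the output name: without it a second run saves "certbot-auto.1" and
# the chmod would silently apply to the stale copy. `&&` skips the chmod when
# the download fails.
wget -O certbot-auto https://dl.eff.org/certbot-auto &&
  chmod 755 certbot-auto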
二、生成证书并验证
# Create the webroot directory that the port-80 server block serves and that
# the certbot --webroot command on this page writes its challenge files into.
mkdir -p -- '/data/services/tengine/ssl/manhour.test.xxx.cn'
nginx配置http的80端口:
# Plain-HTTP server on port 80. Its document root is the same directory that
# the certbot --webroot command on this page is given with -w, so files
# certbot places there are served over HTTP.
# NOTE(review): "location /" exposes the whole directory; limiting the block
# to /.well-known/acme-challenge/ would be enough for webroot validation.
server {
    listen 80;

    location / {
        index index.html index.htm;
        root /data/services/tengine/ssl/manhour.test.xxx.cn;
    }
}
# Obtain a certificate for manhour.test.xxx.cn using webroot validation:
# certbot writes the challenge files under the given webroot path and the
# port-80 server block serves them. --webroot-path must precede the --domain
# it applies to. "certonly" obtains the certificate without editing the web
# server configuration.
./certbot-auto certonly \
  --webroot \
  --webroot-path /data/services/tengine/ssl/manhour.test.xxx.cn \
  --domain manhour.test.xxx.cn \
  --email qqbibi@xxx.cn \
  --agree-tos
三、nginx配置https
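# HTTPS configuration, split into a plain-HTTP server and a TLS server.
#
# Why this differs from the single-block form (listen 80 ssl; listen 443;
# ssl on;):
#   * The original put the "ssl" flag on port 80 and relied on "ssl on" to
#     cover port 443. The "ssl on" directive is deprecated and has been
#     removed from newer nginx releases; without it port 443 would speak
#     plain HTTP. "listen 443 ssl" states the intent directly.
#   * The redirect target is the fixed certificate name instead of $host, so
#     it is not taken from the client-supplied Host header, and it uses
#     $request_uri (raw, still encoded) instead of the decoded $uri.
#
# This replaces the temporary port-80 block used for the first issuance.

# Port 80: keep the ACME challenge path reachable for renewals and redirect
# everything else to HTTPS.
server {
    listen 80;
    server_name manhour.test.xxx.cn 112.74.12.148 localhost;
    access_log logs/host.access.log main;

    # certbot --webroot writes its challenge files below this directory.
    location /.well-known/acme-challenge/ {
        root /data/services/tengine/ssl/manhour.test.xxx.cn;
    }

    location / {
        return 301 https://manhour.test.xxx.cn$request_uri;
    }
}

# Port 443: TLS site.
server {
    listen 443 ssl;
    # NOTE(review): the certificate requested above only names
    # manhour.test.xxx.cn; clients connecting by IP or "localhost" will see a
    # name mismatch.
    server_name manhour.test.xxx.cn 112.74.12.148 localhost;
    access_log logs/host.access.log main;

    ssl_certificate /etc/letsencrypt/live/manhour.test.xxx.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/manhour.test.xxx.cn/privkey.pem;
    # Used to verify OCSP responses and client certificates; it has no effect
    # here because neither ssl_stapling nor ssl_verify_client is set.
    ssl_trusted_certificate /etc/letsencrypt/live/manhour.test.xxx.cn/chain.pem;

    # NOTE(review): ssl_protocols and ssl_ciphers are not set, so the build's
    # defaults apply; confirm they exclude legacy protocol versions.

    # 497 = plain HTTP request sent to the TLS port; redirect it to HTTPS.
    error_page 497 https://manhour.test.xxx.cn$request_uri;

    location / {
        root /data/services/tengine/ssl/manhour.test.xxx.cn;
        index index.html index.htm;
    }
}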
四、续签
# --dry-run only rehearses renewal against the CA's staging environment and
# saves no certificate to disk. Actual renewal is the same command without
# --dry-run, normally run on a schedule (cron or a systemd timer) with
# --deploy-hook '<nginx reload command>' so the server loads the new files.
./certbot-auto renew --dry-run
注意:webroot(http-01)验证在首次签发和每次续签时,都需要验证服务器能从公网访问本机的 80 端口,因此防火墙/安全组必须开通 http 的 80 端口;