setup_https_with_nginx_and_letsencrypt
**这是本文档旧的修订版!**
目录
使用Letsencrypt 配置https
注意:以下都是以ubuntu 16.04 环境为例子, 默认安装好了nginx
关闭本机的80和443端口占用程序
systemctl stop nginx
安装 letsencrypt
add-apt-repository ppa:certbot/certbot apt-get update apt-get install python-certbot-nginx
生成ssl的秘钥
cd /etc/nginx mkdir ssl cd /etc/nginx/ssl openssl dhparam -out dhparam.pem 2048
生成letsencrypt的证书
certbot certonly --standalone --email <xxx>@<xxxmail.com> -d <xxx>.com -d www.<xxx>.com
配置nginx的 http 和https跳转
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/<xxx>.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<xxx>.com/privkey.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
server_name <xxx>.com www.<xxx>.com;
root /www/<xxx-path>;
location / {
index index.html index.htm;
}
}
server {
listen 80;
listen [::]:80;
server_name <xxx>.com www.<xxx>.com;
return 301 https://$server_name$request_uri;
}
添加新域名到已有证书下
certbot certonly --cert-name example.com -d m.example.com,www.m.example.com
setup_https_with_nginx_and_letsencrypt.1611674541.txt.gz · 最后更改: (外部编辑)