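I didn't write down the steps the last time I used Let's Encrypt, so when the server lease expired and I migrated the blog, it cost me more than an hour again. I finally decided to record the steps; a good memory really is no match for a worn-out pen.
Download Certbot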
```
$ git clone https://github.com/certbot/certbot
```
Generate the certificate
Before generating the certificate, configure DNS and stop Nginx.
```
$ cd certbot
$ ./letsencrypt-auto certonly -d www.jerrylou.me -d jerrylou.me
```
Choose the standalone option. The certificate is generated in /etc/letsencrypt/live/www.jerrylou.me/
Configure Nginx
```
server {
    listen 443 ssl;
    # blog.jerrylou.me is not among the -d names requested when the certificate was generated,
    # so the certificate does not cover it
    server_name www.jerrylou.me blog.jerrylou.me jerrylou.me;

    ssl_certificate /etc/letsencrypt/live/www.jerrylou.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.jerrylou.me/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    root /var/www/gunsluo.github.io;
    index index.html index.htm;
}

# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80 default_server;
    server_name www.jerrylou.me blog.jerrylou.me jerrylou.me;
    return 301 https://$server_name$request_uri;
}
```
Configure Cron
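```
$ cat /etc/crontab
# --pre-hook/--post-hook run only when a renewal is actually attempted, so Nginx is never left stopped
0 0 1 */2 * root /root/certbot/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

$ /etc/init.d/cron reload
```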
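An added example (not from the original post): a day-by-day simulation of the cron schedule `0 0 1 */2 *` above against Certbot's renewal rule, compared with a daily run. It assumes a 90-day certificate lifetime and renewal only when fewer than 30 days remain; the issue date and function names are constructed for illustration.

```python
from datetime import date, timedelta

LIFETIME = timedelta(days=90)      # assumed certificate validity period
RENEW_WINDOW = timedelta(days=30)  # assumed Certbot default: renew when < 30 days remain


def simulate(issued, end, is_run_day):
    """Walk day by day from `issued` to `end`.

    Returns (renewal dates, dates on which the served certificate is expired).
    """
    expiry = issued + LIFETIME
    renewals, expired_days = [], []
    day = issued
    while day <= end:
        # A cron run renews only if the certificate is inside the renewal window.
        if is_run_day(day) and expiry - day < RENEW_WINDOW:
            expiry = day + LIFETIME
            renewals.append(day)
        if day >= expiry:
            expired_days.append(day)
        day += timedelta(days=1)
    return renewals, expired_days


def bimonthly(day):
    """Cron '0 0 1 */2 *': the 1st of Jan, Mar, May, Jul, Sep, Nov."""
    return day.day == 1 and day.month % 2 == 1


def daily(day):
    """Cron '0 0 * * *': every day."""
    return True


def run(schedule):
    """Constructed scenario: certificate first issued on 2023-01-15."""
    return simulate(date(2023, 1, 15), date(2023, 12, 31), schedule)


if __name__ == "__main__":
    for name, schedule in (("bimonthly", bimonthly), ("daily", daily)):
        renewals, expired = run(schedule)
        print(f"{name}: first renewal {renewals[0]}, {len(expired)} expired days")
```

With the two-month schedule, the March 1 run skips the certificate (45 days left) and it stays expired from April 15 until the May 1 run. A daily run renews it on March 17 with no expired days.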