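Free HTTPS using official open-source software

Installing HTTPS

Assume the runtime environment is CentOS 7.1, the web server is Nginx 1.12.0 (because that is what my production environment runs), and the current working directory is /root.
Get the certbot client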
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
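Issue a certificate for a single domain
./certbot-auto certonly --standalone --email your-email-address -d your-domain
Issue a certificate for multiple domains
./certbot-auto certonly --standalone --email your-email-address -d your-domain-1 -d your-domain-2
View the directory containing the generated certificates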
cd /etc/letsencrypt/live/

Nginx configuration

vim test.conf
server {
    listen 443;
    # "ssl on" is valid on Nginx 1.12.0; from 1.15.0 it is obsolete in favour of "listen 443 ssl;"
    ssl on;
    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem;
    #ssl_certificate /etc/letsencrypt/live/test.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;

    ssl_prefer_server_ciphers on;
    # Choose the TLS protocol versions
    # (TLSv1 and TLSv1.1 are deprecated by RFC 8996; keep them only if legacy clients need them)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_session_timeout 5m;
    # Resolver used for OCSP stapling lookups
    resolver 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000;";
    charset utf-8;
    server_name test.com;
    root /home/test;

    location / {
        root /home/test;
        index index.php index.html index.htm;

        if (!-e $request_filename) {
            rewrite ^(.*)$ /$1.php last;
            break;
        }
    }

    # PHP handling (the dot is escaped so only URIs ending in ".php" match)
    location ~ \.php$ {
        fastcgi_pass unix:/dev/shm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

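Restart nginx

Certificate renewal

Because the certificates were issued with --standalone, certbot has to bind the validation port itself, so nginx must be stopped while the renewal runs and started again afterwards.

./certbot-auto renew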
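
The shell function below is an added example, not part of the original post: it scans an nginx config such as the test.conf above for deprecated protocol versions, 3DES/RC4 cipher names that are enabled rather than negated, and a missing HSTS header. The function name audit_tls_conf, the finding labels and the sample file are assumptions made for illustration, and it assumes each directive sits on a single line.

```shell
#!/bin/sh
# Added example: audit an nginx TLS config for legacy settings.
# Prints one finding per line; prints nothing when no finding applies.
audit_tls_conf() {
    awk '
    { sub(/#.*/, "") }   # strip comments so commented-out directives are ignored
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                print "deprecated-protocol " p
        }
    }
    $1 == "ssl_ciphers" {
        line = $0
        sub(/^[ \t]*ssl_ciphers[ \t]+/, "", line)
        gsub(/[";]/, "", line)
        n = split(line, c, ":")
        for (i = 1; i <= n; i++)
            if (c[i] !~ /^!/ && c[i] ~ /(DES-CBC3|RC4)/)
                print "weak-cipher " c[i]
    }
    $1 == "add_header" && $2 == "Strict-Transport-Security" { hsts = 1 }
    END { if (!hsts) print "missing-hsts" }
    ' "$1"
}

# Constructed sample input mirroring the directives used on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:HIGH:!aNULL:!RC4";
add_header Strict-Transport-Security "max-age=31536000;";
EOF
audit_tls_conf "$sample"
```

Run it against the real file with audit_tls_conf test.conf before restarting nginx; on Nginx 1.12.0 the remaining protocol after removing the flagged ones is TLSv1.2.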