Centos 7.2
sudo yum install epel-release
sudo yum install certbot
修改你的服务器配置,在server模块添加:
1 2 3 4 5 6 7 8 9 10 11 |
location ^~ /.well-known/acme-challenge/{ default_type"text/plain"; root /usr/local/nginx/html; } location = /.well-known/acme-challenge/ { return404; } |
重启nginx
sudo certbot certonly –webroot -w /usr/local/nginx/html/ -d www.mindg.cn
配置证书:
1 2 3 4 5 6 7 8 9 10 11 12 |
server { listen 443 ssl; server_name www.mindg.cn; index index.php index.html index.htm; root /usr/local/nginx/html; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /etc/letsencrypt/live/www.mindg.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.mindg.cn/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.mindg.cn/chain.pem; } |
nginx –s reload
配置自动更新:
302 * *1 /usr/bin/certbot renew >>/var/log/le-renew.log