Centos7 通过 Let’s Encrypt 实现 https

1.通过git获取letsencrypt

git clone https://github.com/letsencrypt/letsencrypt 

2.关闭nginx 检查80端口是否被占用

service nginx stop

netstat -na | grep ‘:80.*LISTEN’

3.生成证书

./letsencrypt-auto certonly --standalone --email xxxxx@qq.com -d blog.muwei3.com

4.配置nginx

server {

listen 443 ssl;
server_name blog.muwei3.com;
…

ssl on;
ssl_certificate /etc/letsencrypt/live/blog.muwei3.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.muwei3.com/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ‘EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH’;
}



service nginx start

5.定时更新


crontab -e

30 2 * * 1 /root/letsencrypt/letsencrypt-auto renew >> /var/log/le-renewal.log

喜欢 0

这篇文章还没有评论

发表评论

您必须登录才能评论