Enabling HTTPS for Your Website with Let's Encrypt

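I used Let's Encrypt before without writing the steps down, and when the server lease expired and I migrated the blog it cost me more than an hour again. So I finally decided to record the steps; the palest ink really is better than the best memory.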

Download Certbot

$ git clone https://github.com/certbot/certbot

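Generate the certificate

Before generating the certificate, configure DNS and stop Nginx, because the standalone mode used below has to bind the HTTP/HTTPS port itself.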

$ cd certbot
$ ./letsencrypt-auto certonly -d www.jerrylou.me -d jerrylou.me

Choose the standalone option. The certificate is generated in /etc/letsencrypt/live/www.jerrylou.me/

Configure Nginx

server {
    listen 443 ssl;
    # The certificate must cover every name listed here; blog.jerrylou.me was not among the -d names above.
    server_name www.jerrylou.me blog.jerrylou.me jerrylou.me;

    ssl_certificate /etc/letsencrypt/live/www.jerrylou.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.jerrylou.me/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    root /var/www/gunsluo.github.io;
    index index.html index.htm;
}

server {
    listen 80 default_server;
    server_name www.jerrylou.me blog.jerrylou.me jerrylou.me;
    # $server_name is the first name above, so every plain-HTTP request is redirected to https://www.jerrylou.me
    return 301 https://$server_name$request_uri;
}
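
A check for the two pitfalls in this kind of setup, a server_name that the certificate does not cover and legacy protocol versions left enabled. This is an added example, not code from the original post; the function names, output labels and the example.com sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: audit_tls_conf NAME... < nginx.conf
# NAME... are the names on the certificate (the -d arguments given to certbot).
audit_tls_conf() {
    awk -v covered="$*" '
    BEGIN { n = split(covered, c, " "); for (i = 1; i <= n; i++) ok[c[i]] = 1 }
    # A name is covered by an exact entry or by a one-label wildcard entry.
    function covered_by_cert(name,    wild) {
        wild = name; sub(/^[^.]+/, "*", wild)
        return (name in ok) || (wild in ok)
    }
    function report(    i) {
        for (i = 1; i <= nn; i++)
            if (!covered_by_cert(names[i])) print "UNCOVERED " names[i]
        for (i = 1; i <= np; i++)
            if (protos[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "WEAK_PROTOCOL " protos[i]
    }
    {
        # Strip comments and semicolons, and make braces separate fields.
        sub(/#.*/, ""); gsub(/;/, " "); gsub(/[{}]/, " & ")
        if (!in_srv && $1 == "server" && $2 == "{") { in_srv = 1; base = depth; tls = nn = np = 0 }
        if (in_srv && $1 == "listen") for (i = 2; i <= NF; i++) if ($i == "ssl") tls = 1
        if (in_srv && $1 == "server_name") for (i = 2; i <= NF; i++) names[++nn] = $i
        if (in_srv && $1 == "ssl_protocols") for (i = 2; i <= NF; i++) protos[++np] = $i
        # Track nesting so location {} blocks do not end the server block early.
        depth += gsub(/\{/, "{") - gsub(/\}/, "}")
        if (in_srv && depth == base) { in_srv = 0; if (tls) report() }
    }'
}

# Constructed sample: one TLS server block and one plain-HTTP redirect block.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name www.example.com blog.example.com example.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { root /var/www/html; }
}
server {
    listen 80 default_server;
    server_name www.example.com blog.example.com example.com;
}
EOF
}

sample_conf | audit_tls_conf www.example.com example.com
```

Only server blocks with an ssl listener are reported, so the port-80 redirect block produces no findings.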

Configure Cron

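$ cat /etc/crontab
# certbot renews only certificates within 30 days of expiry, so run it daily rather than every two months.
# Stop Nginx in --pre-hook: the hooks run only when a renewal is attempted, so Nginx is never left stopped.
0 0 * * * root /root/certbot/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

$ /etc/init.d/cron reload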