Fork me on GitHub

centos7 Let's Encrypt用Certbot获取Https证书 部署nginx

发表于 | 分类于

1.检查nginx下是否有--with-http_stub_status_module--with-http_ssl_module两个模块,安装之后再重新编译

1
nginx -V

2.用http克隆github上的certbot

1
git clone https://github.com/certbot/certbot /opt/certbot-master

3.安装所有依赖

1
/opt/certbot-master/letsencrypt-auto --help

4.关闭nginx,检出80端口,443端口是否有开启

1
nginx -s stop

1
firewall-cmd --query-port=80/tcp
1
firewall-cmd --query-port=443/tcp

没有的话就开启

1
firewall-cmd --permanent --zone=public --add-port=80/tcp

5.获取证书

1
/opt/certbot-master/letsencrypt-auto --nginx -d www.pinnuli.com

6.配置nginx(也可选择自动配置)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
	
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
	worker_connections 1024;
}

http {
	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" 
				'$status $body_bytes_sent "$http_referer" '
				'"$http_user_agent" "$http_x_forwarded_for"';

	access_log  /var/log/nginx/access.log  main;

	sendfile            on;
	tcp_nopush          on;
	tcp_nodelay         on;
	keepalive_timeout   65;
	types_hash_max_size 2048;

	include             /etc/nginx/mime.types;
	default_type        application/octet-stream;

	include /etc/nginx/conf.d/*.conf;

	server {
		listen       80 default_server;
		listen       [::]:80 default_server;
		server_name  _;
		root        /var/www/pinnuli.github.io;

		include /etc/nginx/default.d/*.conf;

		location / {
		}

		error_page 404 /404.html;
		location = /40x.html {
		}

		error_page 500 502 503 504 /50x.html;
		location = /50x.html {
		}
	}
	server {
			server_name www.pinnuli.com; # managed by Certbot
			root        /var/www/pinnuli.github.io;
			include /etc/nginx/default.d/*.conf;
			location / {
			}
			error_page 404 /404.html;
			location = /40x.html {
			}
			error_page 500 502 503 504 /50x.html;
			location = /50x.html {
			}
			listen [::]:443 ssl ipv6only=on; # managed by Certbot
			listen 443 ssl; # managed by Certbot
			ssl_certificate /etc/letsencrypt/live/www.pinnuli.com/fullchain.pem; # managed by Certbot
			ssl_certificate_key /etc/letsencrypt/live/www.pinnuli.com/privkey.pem; # managed by Certbot
			include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
			ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}
}

7.设置自动更新

未完待续。。。

-------------本文结束感谢您的阅读-------------