|
1,通过nginx部署网站,并添加如下节点
server {
listen 80;
listen [::]:80;
server_name xxxx.xxxx.com;
# 一定要配置这段
location ^~ /.well-known/acme-challenge/ {
# 必须是真实存在的目录
root /XXX/XXXX;
}
return 301 https://$server_name$request_uri;
}
2,安装certbot
yum update
yum install snap
systemctl restart snapd.service
snap install core
snap refresh core
yum remove certbot
yum install certbot
ln -s /var/lib/snapd/snap /snap
cd /snap
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --webroot --email XXXX@XXXX -d www.XXX.cn
输出一下内容
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.ivall.cn
Input the webroot for www.ivall.cn: (Enter 'c' to cancel): /XXX/XXXX #输入ngnix配置的地址
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.ivall.cn/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.ivall.cn/privkey.pem
This certificate expires on 2021-11-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
到此ssl证书就生成好了,证书存放在目录
Certificate is saved at: /etc/letsencrypt/live/www.ivall.cn/fullchain.pem
Key is saved at: ? ? ? ? /etc/letsencrypt/live/www.ivall.cn/privkey.pem
3,nginx配置ssl 访问即可
|