## 使用Letsencrypt 配置https

注意：以下都是以ubuntu 16.04 环境为例子, 默认安装好了nginx

===== 关闭本机的80和443端口占用程序 =====

```
systemctl stop nginx
```

===== 安装 letsencrypt =====

```
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
```

===== 生成ssl的秘钥 =====

```
cd /etc/nginx
mkdir ssl
cd /etc/nginx/ssl
openssl dhparam -out dhparam.pem 2048
```

===== 生成letsencrypt的证书 =====

```
certbot certonly --standalone --email <xxx>@<xxxmail.com> -d <xxx>.com -d www.<xxx>.com
```


===== 配置nginx的 http 和https跳转=====

```
server {
       listen 443 ssl http2;
       listen [::]:443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/<xxx>.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<xxx>.com/privkey.pem;
        ssl_dhparam         /etc/nginx/ssl/dhparam.pem;

        server_name <xxx>.com www.<xxx>.com;
	root /www/<xxx-path>;

        location / {
	      index index.html index.htm;
         }
}

server {
       listen         80;
       listen    [::]:80;
       server_name <xxx>.com www.<xxx>.com;
       return         301 https://$server_name$request_uri;
}
```

===== 添加新域名到已有证书下 =====

```
certbot certonly --cert-name example.com -d m.example.com,www.m.example.com
```