目录

使用Letsencrypt 配置https

注意:以下都是以ubuntu 16.04 环境为例子, 默认安装好了nginx

关闭本机的80和443端口占用程序

systemctl stop nginx

安装 letsencrypt

add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx

生成ssl的秘钥

cd /etc/nginx
mkdir ssl
cd /etc/nginx/ssl
openssl dhparam -out dhparam.pem 2048

生成letsencrypt的证书

certbot certonly --standalone --email <xxx>@<xxxmail.com> -d <xxx>.com -d www.<xxx>.com

配置nginx的 http 和https跳转

server {
       listen 443 ssl http2;
       listen [::]:443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/<xxx>.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<xxx>.com/privkey.pem;
        ssl_dhparam         /etc/nginx/ssl/dhparam.pem;

        server_name <xxx>.com www.<xxx>.com;
	root /www/<xxx-path>;

        location / {
	      index index.html index.htm;
         }
}

server {
       listen         80;
       listen    [::]:80;
       server_name <xxx>.com www.<xxx>.com;
       return         301 https://$server_name$request_uri;
}

添加新域名到已有证书下

certbot certonly --cert-name example.com -d m.example.com,www.m.example.com