Let’s Encrypt 使用教程,免费的SSL证书,让你的网站拥抱 HTTPS http://diamondfsd.com/lets-encrytp-hand-https/
启用 https 简单免费的 Let’s Encrypt SSL证书配置 https://segmentfault.com/a/1190000012343679
Let’s Encrypt 终于支持通配符证书了 https://www.jianshu.com/p/c5c9d071e395
安装参考: CentOS7安装Let’s Encrypt客户端Certbot获取Https证书 https://www.yuzhi100.com/article/centos-7-install-lets-encrypt-certbot
nginx强制使用https访问(http跳转到https) https://blog.csdn.net/wzy_1988/article/details/8549290
Let’s Encrypt免费的SSL证书
——————————————————————————————-
1 2 3 4 |
cd /home wget https://dl.eff.org/certbot-auto chmod a+x ./certbot-auto ./certbot-auto --nginx certonly --domains xxx.xxxx.com |
证书产生目录:/etc/letsencrypt/live/
/etc/letsencrypt/live/xxx.xxxx.com/fullchain.pem
/etc/letsencrypt/live/xxx.xxxx.com//privkey.pem
1 |
vim /etc/nginx/conf.d/kb.conf |
增加:
—————————————
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
server { listen 443; ssl on; ssl_certificate /etc/letsencrypt/live/xxx.xxxx.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xxx.xxxx.com//privkey.pem; server_name xxx.xxxx.com; root /home/dev/php/kanboard; location / { root /home/dev/php/kanboard; index index.php index.html index.htm; if (-f $request_filename/index.html){ rewrite (.*) $1/index.html break; } if (-f $request_filename/index.php){ rewrite (.*) $1/index.php; } if (!-f $request_filename){ rewrite (.*) /index.php; } } location ~ \.php$ { root /home/dev/php/kanboard; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; #include fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } |
证书更新:
1 2 |
cd /home ./certbot-auto renew --dry-run |
定时任务: 每天凌晨6:30执行任务
1 |
30 6 * * * cd /home && ./certbot-auto renew >> /var/log/crontab-certbot.log 2>&1 |
查看日志:
1 |
tail -f /var/log/crontab-certbot.log |
强制从80跳转到443端口: 在80的配置的serverName下面增加
1 |
rewrite ^(.*)$ https://$host$1 permanent; |
重启服务器
1 |
service nginx restart |