欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

Centos 6.8 下利用 letsencrypt.sh 脚本为 nginx 配置免费 https 证书

程序员文章站 2022-03-16 16:45:04
1、下载letsencrypt.sh wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encryp...

1、下载letsencrypt.sh

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh

2、修改letsencrypt.conf文件的参数

# vim letsencrypt.conf
 
# only modify the values, key files will be generated automaticly.
ACCOUNT_KEY="letsencrypt-account.key" 
DOMAIN_KEY="mtian.net.key"
DOMAIN_DIR="/usr/local/nginx/html"  #网站的根目录
DOMAINS="DNS:mtian.net,DNS:www.mtian.net" #你的网站域名,多个域名用,号分隔
#ECC=TRUE
#LIGHTTPD=TRUE

3、执行文件,生成https所需要的ssl证书文件

添加执行权限并执行
# chmod +x letsencrypt.sh   
# ./letsencrypt.sh letsencrypt.conf  
 
运行完成后会在当前目录生成如下文件
letsencrypt-account.key  lets-encrypt-x3-cross-signed.pem  mtian.csr
letsencrypt.conf         mtian.chained.crt                 mtian.net.key
letsencrypt.sh           mtian.crt

5、修改nginx配置文件,加入https

# vim /usr/local/nginx/conf/nginx.conf
  server {
        listen       443 ssl;
        server_name  www.mtian.net;
        ssl on;        
        ssl_certificate /usr/local/nginx/conf/mtian.chained.crt;
        ssl_certificate_key /usr/local/nginx/conf/mtian.net.key;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }

6、复制letsencrypt.sh生成的mtian.chained.crt和mtian.net.key 件到 nginx.conf中指定的目录/usr/local/nginx/conf/

# cp  mtian.chained.crt /usr/local/nginx/conf/
# cp  mtian.net.key  /usr/local/nginx/conf/

7、重启nginx

# service nginx restart
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]