欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

certbot安装https证书

程序员文章站 2022-04-24 13:34:08
...

 

  1. 获取certbot客户端
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto

     

  2. 停止nginx服务器
    service nginx stop

     

  3. 获取证书
    #--email [email protected]是通知邮箱,如果过期提醒等,-d m.xx.com是申请https证书的域名,xx.com是一级域名
    ./certbot-auto certonly --standalone --email [email protected] --agree-tos -d m.xx.com

     

  4. 配置nginx ssl服务
    server {
        listen  443 ssl;
        server_name m.xx.com;
        ssl_certificate /etc/letsencrypt/live/m.xx.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/m.xx.com/privkey.pem;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
      	ssl_session_timeout  5m;
      	ssl_session_tickets off;
      	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      	ssl_prefer_server_ciphers on;
      	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        charset utf-8;
      	gzip_types text/css application/javascript;
      	error_log  /var/log/nginx/m.xx.com.error.log error;
      	client_max_body_size 30m;
        	
        location / {
            
        }
    }
    server {
        listen  80;
        server_name m.xx.com;
        location / {
        
        }
        #如果需要把http强制转换为https,需要配置以下内容
        if ( $host = m.xx.com ) {
            return 301 https://$host$request_uri;
        }
    }

     

  5. netty配置长连接
    server {
        listen 443 ssl;
     		server_name netty.xx.com;
     		ssl_certificate  /etc/letsencrypt/live/netty.xx.com/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/netty.xx.com/privkey.pem;
     		ssl_session_cache  builtin:1000  shared:SSL:10m;
    	  ssl_session_timeout  5m;
    	  ssl_session_tickets off;
    	  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        charset utf-8;
    	  gzip_types text/css application/javascript;
    	  error_log  /var/log/nginx/netty.xx.com.error.log error;
    	  client_max_body_size 30m;
    	
        location ^~ /netty/ {
         		proxy_pass http://127.0.0.1:9090$request_uri;
         		proxy_set_header Host $http_host;
         		proxy_set_header X-Real-IP $remote_addr;
         		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         		proxy_set_header X-Forwarded-Proto $scheme;
         		proxy_http_version 1.1;
         		proxy_set_header Upgrade $http_upgrade;
         		proxy_set_header Connection $http_connection;	       
         		proxy_connect_timeout 60s; 
         		proxy_read_timeout 2000s;
         		proxy_send_timeout 60s;
        }
    }

     

  6. 启动nginx服务器
    service nginx start

     

  7. 查看所有证书
    certbot-auto certificates

     

  8. 更新所有证书
    certbot-auto renew

     

  9. 撤销指定证书
    ./certbot-auto revoke --cert-path /etc/letsencrypt/live/m.xx.com/cert.pem

     

相关标签: server