certbot安装https证书

程序员文章站 2022-04-24 13:34:08

...

获取certbot客户端

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

停止nginx服务器
```
service nginx stop
```

获取证书

#--email [email protected]是通知邮箱,如果过期提醒等,-d m.xx.com是申请https证书的域名,xx.com是一级域名
./certbot-auto certonly --standalone --email [email protected] --agree-tos -d m.xx.com

配置nginx ssl服务

server {
    listen  443 ssl;
    server_name m.xx.com;
    ssl_certificate /etc/letsencrypt/live/m.xx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/m.xx.com/privkey.pem;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
  	ssl_session_timeout  5m;
  	ssl_session_tickets off;
  	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  	ssl_prefer_server_ciphers on;
  	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    charset utf-8;
  	gzip_types text/css application/javascript;
  	error_log  /var/log/nginx/m.xx.com.error.log error;
  	client_max_body_size 30m;
    	
    location / {
        
    }
}
server {
    listen  80;
    server_name m.xx.com;
    location / {
    
    }
    #如果需要把http强制转换为https，需要配置以下内容
    if ( $host = m.xx.com ) {
        return 301 https://$host$request_uri;
    }
}

netty配置长连接

server {
    listen 443 ssl;
 		server_name netty.xx.com;
 		ssl_certificate  /etc/letsencrypt/live/netty.xx.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/netty.xx.com/privkey.pem;
 		ssl_session_cache  builtin:1000  shared:SSL:10m;
	  ssl_session_timeout  5m;
	  ssl_session_tickets off;
	  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    charset utf-8;
	  gzip_types text/css application/javascript;
	  error_log  /var/log/nginx/netty.xx.com.error.log error;
	  client_max_body_size 30m;
	
    location ^~ /netty/ {
     		proxy_pass http://127.0.0.1:9090$request_uri;
     		proxy_set_header Host $http_host;
     		proxy_set_header X-Real-IP $remote_addr;
     		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     		proxy_set_header X-Forwarded-Proto $scheme;
     		proxy_http_version 1.1;
     		proxy_set_header Upgrade $http_upgrade;
     		proxy_set_header Connection $http_connection;	       
     		proxy_connect_timeout 60s; 
     		proxy_read_timeout 2000s;
     		proxy_send_timeout 60s;
    }
}

启动nginx服务器
```
service nginx start
```
查看所有证书
```
certbot-auto certificates
```
更新所有证书
```
certbot-auto renew
```

撤销指定证书

./certbot-auto revoke --cert-path /etc/letsencrypt/live/m.xx.com/cert.pem

certbot安装https证书

Windows操作系统服务器怎样安装SSL安全证书

Android webview手动校验https证书(by 星空武哥)

win8.1系统总是安装不上支付宝数字证书的解决方法图文教程

Win10系统中怎么安装12306根证书?

PHPStudy下如何为Apache安装SSL证书的方法步骤

win8.1系统总是安装不上支付宝数字证书的解决方法图文教程

ssl加速功能（安装ssl证书步骤）

ssl加速功能（安装ssl证书步骤）

Win10系统中怎么安装12306根证书?

【SSL证书行业】HTTPS认证支撑网络安全的防护门!