安装-配置免费https证书

一、安装证书工具

wget https://dl.eff.org/certbot-auto
chmod 755 certbot-auto

二、生成证书并验证

mkdir -p /data/services/tengine/ssl/manhour.test.xxx.cn

nginx配置http的80端口：

server{
　　listen 80;
　　location / {
            root /data/services/tengine/ssl/manhour.test.xxx.cn;
            index  index.html index.htm;
        }
　　}

./certbot-auto certonly --email qqbibi@xxx.cn --agree-tos --webroot -w /data/services/tengine/ssl/manhour.test.xxx.cn -d manhour.test.xxx.cn

三、nginx配置https

server{
        listen 80 ssl;
        listen 443;
        server_name manhour.test.xxx.cn 112.74.12.148 localhost;
        access_log  logs/host.access.log  main;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/manhour.test.xxx.cn/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/manhour.test.xxx.cn/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/manhour.test.xxx.cn/chain.pem;
        error_page 497  https://$host$uri?$args;
        location / {
            root /data/services/tengine/ssl/manhour.test.xxx.cn;
            index  index.html index.htm;
        }
    }

四、续签

./certbot-auto renew --dry-run
　　注意：需要开通http的80端口;