以下仅演示如果自动申请证书,如果你自己准备了证书,请查阅相关教程
安装 certbot 以及 certbot nginx 插件
$ sudo yum install certbot python2-certbot-nginx -y
注:如果是 CentOS 7 可能出现安装错误, 根据提示进行修复即可
执行配置
中途会询问邮箱等基本信息,如实填写即可
$ sudo certbot --nginx
安装成功后, 最末尾会出现以下提示信息
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/你的域名/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/你的域名/privkey.pem
Your cert will expire on 2019-09-26. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
同时可以从以上输出信息中得到证书的 安装位置 在 /etc/letsencrypt/live/你的域名/ 之下,其中会包含一个 README 文件来简述该文件夹下其他文件的含义,可自行查看
自动续约
用certbot安装免费SSL证书,其有效期只有6个月的时间,可以用以下命令开启 自动续约
$ sudo certbot renew --dry-run
