Let's Encrypt configuration https certificate of
1, downloading codecs
$ cd /root
$ wget https://github.com/certbot/certbot/archive/master.zip
$ unzip master.zip
$ cd certbot-master/
# 查看帮助
$ ./certbot-auto --help
2, generates a certificate, the certificate is valid 90 days
# 例子: $ ./certbot-auto certonly --standalone --agree-tos -v -t --email [email protected] -d siot.staginfo.com
# (将邮箱地址和服务器域名替换)
$ ./certbot-auto certonly --standalone --agree-tos -v -t \
--email <email> \
-d <域名>
3, the generated certificate path https
# 例子: cd /etc/letsencrypt/live/siot.staginfo.com
$ ls /etc/letsencrypt/live/<域名>
# 文件夹下的文件:cert.pem chain.pem fullchain.pem privkey.pem README
4, regenerate the certificates
$ ./certbot-auto renew
5, the certificate is automatically updated script
$ cd /root
$ vi ssl_auto_auth.sh
#/bin/sh
datetime=`date '+%Y-%m-%d %H:%M:%S'`;
echo "[$datetime] [certbot-auto renew]"
# ps: 注意检查certbot-master的路径是否正确
/root/certbot-master/certbot-auto renew --no-self-upgrade
echo "[$datetime] [nginx restart]"
# ps: 注意检查nginx的路径是否正确
/usr/local/nginx/sbin/nginx -s reload
echo "[$datetime] [ok]"
echo "=============end================"
6, configuring the timing task (No. 1 month at 2:00 AM)
$ crontab -e
# 每月1号凌晨2点执行
# ps: 注意脚本的路径是否一致
0 2 1 * * /root/ssl_auto_auth.sh >>ssl_auto_auth.log 2>&1
# 1分钟运行一次测试
*/1 * * * * /root/ssl_auto_auth.sh >>ssl_auto_auth.log 2>&1
