Steps to deploy certbot certificate in aws instance

#certboot certificate installation steps:

Installation preparation:
1. Install nginx service
scp -r [email protected]:/download/nginx.tar.gz /usr/local/
Extract to the current folder: tar -zxvf nginx.tar.gz
Modify the nginx.conf file: vim /usr/local/nginx/nginx.conf
Modify the folder name of the nginx service: mv nginx nginx-service
2. Add the nginx service to the system
scp -r [email protected]:/download/ nginx /etc/init.d/
Give the service file permission: chmod 755 /etc/init.d/nginx
Load the server into the system: chkconfig --add nginx
3. Modify the nginx.conf file information
4. Create nginx Boot error log file and temp folder
[root@ip-172-31-14-227 conf]# mkdir /WORK
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx
[root@ip -172-31-14-227 conf]# mkdir /WORK/nginx/nginx
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx/logs
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx/client_body_temp
[root@ip-172-31-14-227 conf]# vim /WORK/nginx/nginx/logs/error .log
5. Install the tomcat service
Copy installation package: scp -r [email protected]:/download/apache-tomcat-7.0.72.tar.gz /usr/local/
Unzip the installation package: tar -zxvf apache-tomcat- 7.0.72.tar.gz
Modify the service.xml file: Change port 8080 to port 90
Modify tomcat-user.xml file, add administrator username and password:
<role rolename="manager"/>
<role rolename="manager- script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="### ###########" roles="manager,manager-gui,manager-script, manager-jmx,manager-status"/>

6. Add the driver jar package to the bin directory under the tomcat directory:
scp -r [email protected]:/download/mysql-connector-java-5.1.40-bin.jar /usr/local/tomcat-7.0.72/lib
7. Add the icon in the upper left corner of the browser to the tomcat directory:
scp -r [email protected]:/download/favicon.ico /usr/local/tomcat-7.0.72/webapps/ROOT/

8. Start nginx service
[root@ip-172-31-14-122 conf]# service nginx start
Starting nginx: [ OK ]

9. Obtain the certificate installation file
wget https://dl.eff.org/certbot-auto

10. Authorize the file
chmod a+x certbot-auto

11. Execute the certificate installation command
. /certbot-auto certonly --webroot -w /usr/local/static/ -d ***.com --debug

12. Enter the email address and press Enter to confirm
[email protected]

13. The pip error is as follows:
ReadTimeoutError: HTTPSConnectionPool(host='pypi.python.org', port=443): Read timed out.
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install - -upgrade pip' command.
Please install and update the pip software:
pip install --upgrade pip

14. Modify the nginx.conf file to add port 443 listening service configuration information
server {
        listen 443;
        server_name ***.com;

        ssl on;
        index index. html index.htm index.php;
        root /usr/local/static;

        ssl_certificate /etc/letsencrypt/live/***.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/***.com/privkey. pem;
        ssl_trusted_certificate /etc/letsencrypt/live/***.com/chain.pem;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;

        client_max_body_size 1024m;

        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location /cashier {
                proxy_pass http: //cashier-servers/cashier;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

15. Restart the nginx server: service nginx restart

16. Add a scheduled task update to the certificate Function
[root@ip-172-31-14-227 ~]# mkdir /var/mylog
[root@ip-172-31-14-227 ~]# vim /var/mylog/le-renew.log
[root@ip-172-31-14-227 ~]# crontab -e
./certbot-auto certonly --webroot -w /usr/local/static/ -d ***.com --debug

17、完成大吉！