How to deploy a Let's Encrypt free SSL certificate on an nginx server

Nginx server

Nginx is a high-performance HTTP server and reverse proxy; it is also a lightweight web server / reverse proxy server and e-mail (IMAP / POP3) proxy server, released under a BSD-like license.

Let's Encrypt Free SSL Certificates

Let's Encrypt is a public, free SSL project that has gradually spread and come into use among users. It was launched by the nonprofit organization ISRG (Mozilla, Cisco, Akamai, IdenTrust, EFF, etc.), and its main purpose is to promote the transition of websites from HTTP to HTTPS. More and more businesses are joining and supporting it through sponsorship.

Nginx is one of the servers commonly used to deploy HTTPS, and the Let's Encrypt free SSL certificate is among the most widely used SSL certificates worldwide. Many site owners therefore need to know how to deploy a Let's Encrypt free SSL certificate on an nginx server. This is easy for webmasters who are familiar with SSL certificates, but confusing for people new to them. To address this, the following describes how to deploy a Let's Encrypt free SSL certificate on a web server running nginx.

Download the project, run it, and generate a certificate

    #git clone https://github.com/certbot/certbot
    #cd certbot
    #./certbot-auto certonly --standalone --email [email protected] -d example.com -d www.example.com -d other.example.net

This step is very simple: a single command does everything. The command runs certbot-auto to generate the certificate; the --email parameter is the contact email address of the domain's webmaster, and the -d parameter is a domain name the certificate should cover, which can be given multiple times.

During generation, agree to the prompts and answer yes.

View the certificate

The certificate is generated under /etc/letsencrypt/

    #ls /etc/letsencrypt/
    accounts archive csr keys live renewal

    #cd /etc/letsencrypt/live/example.com && ll
    cert.pem - Apache server certificate
    chain.pem - Apache intermediate certificate and root certificate
    fullchain.pem - the file for Nginx's ssl_certificate directive
    privkey.pem - the certificate's private KEY file

These four files are the generated key and certificate files, but they are only symbolic links; the actual files are located in /etc/letsencrypt/archive/example.com

    #ls /etc/letsencrypt/archive/example.com/
    cert1.pem chain1.pem fullchain1.pem privkey1.pem

If you use a tool such as Docker, the nginx configuration file must point to the real location of the files, otherwise they cannot be read.
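The symlink layout and the Docker caveat above, as an added example that is not part of the original post: a shell check that each of the four files under live/ resolves to a real file, which fails when only live/ is mounted or copied without archive/. The function names, the script name and the constructed sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Certbot's live/<domain>/ holds relative symlinks such as
#   cert.pem -> ../../archive/<domain>/cert1.pem
# so mounting or copying only live/ leaves them dangling.

# make_sample_tree ROOT: build a constructed copy of that layout under ROOT
# (placeholder file contents, not real certificates or keys).
make_sample_tree() {
    root=$1
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    for n in cert chain fullchain privkey; do
        echo "constructed placeholder, not a real PEM" \
            > "$root/archive/example.com/${n}1.pem"
        ln -s "../../archive/example.com/${n}1.pem" \
            "$root/live/example.com/$n.pem"
    done
}

# check_live_dir DIR: print one status line per expected file and
# return 0 only if all four resolve to non-empty files.
check_live_dir() {
    dir=$1
    rc=0
    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        path="$dir/$name"
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            echo "DANGLING $path -> $(readlink "$path")"; rc=1
        elif [ ! -e "$path" ]; then
            echo "MISSING  $path"; rc=1
        elif [ ! -s "$path" ]; then
            echo "EMPTY    $path"; rc=1
        else
            echo "OK       $path"
        fi
    done
    return "$rc"
}

# Usage (hypothetical script name): sh check_live.sh /etc/letsencrypt/live/example.com
if [ "$#" -gt 0 ]; then
    check_live_dir "$1"
fi
```

Run it inside the container, against the path the nginx configuration references, so the result reflects what nginx will actually see.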

Configuring nginx

In LNMP, the site needs to have been added already; then edit the CONF file corresponding to the site

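    server
    {
        listen 80;
        #listen [::]:80;
        # "listen 443 ssl" enables TLS on port 443. The obsolete "ssl on;" directive
        # (removed in nginx 1.25.1) is left out: in a block that also listens on
        # port 80 it would make nginx expect TLS on port 80 as well.
        listen 443 ssl;
        # certificate file and its private key
        ssl_certificate /root/ssl.crt;
        ssl_certificate_key /root/ssl.key;
        server_name example.com www.example.com;
        # ... rest of the site's existing configuration ...
    }

The lines above containing ssl must be added, and the paths and file names must correspond exactly to the CRT and KEY files uploaded earlier.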

Finally, restart LNMP; you can then see that the SSL certificate is in effect and access the site over HTTPS.

If you need to force access over HTTPS URLs, remove the listen 80; line.

Origin blog.51cto.com/14588847/2463309