CentOS7快捷的创建免费SSL操作方法

• 参考：
  Certbot - Centosrhel7 Nginx
  Installing snap on CentOS

• 安装模块：

sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install core
sudo snap refresh
sudo snap install --classic certbot    # 国内，这个过程比较漫长，小伙子请耐心
sudo ln -s /snap/bin/certbot /usr/bin/certbot

• nginx在server_name配置域名
• 添加配置

sudo certbot --nginx  # 按提示进行操作就可以了

• 在nginx中可以看到自动处理的配置，SLL配置信息已经添加到nginx中

server {

    server_name  xxx.xxxx.com;
    root         /var/www/xxx.xxxx.com;

    error_page 404 /404.html;
        location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

    # 跨域问题处理
    location /  {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Headers Origin,X-Requested-With,Content-Type,Accept;
            return 200;
        }
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxx.xxxx.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxx.xxxx.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host =xxx.xxxx.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen       80;
    listen       [::]:80;
    server_name  xxx.xxxx.com;
    # return 404; # managed by Certbot

}

• 自动更新 使用certbot生成及自动更新证书