#安装certbot
yum install epel-release
yum install certbot
#配置nginx,到需要申请证书的配置文件里添加
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root 网站根目录;
}
location = /.well-known/acme-challenge/ {
return 404;
}
/usr/local/nginx/sbin/nginx -s reload
#申请证书
certbot certonly --webroot -w 网站根目录 -d 域名
#需要填写邮箱和站点需要先配置到DNS
#申请完毕配置nginx ssl
#----------------------ssl config-----------------------
ssl on;
#ssl.engine enable;
#ssl.ca-file /usr/local/nginx/cert/ca-bundle.pem;
ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/your.domain.com/chain.pem;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
转载于:https://www.cnblogs.com/cainiaoit/p/8579683.html
扫一扫
1477
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
