NO IMAGE

一、安裝證書工具

wget https://dl.eff.org/certbot-auto
chmod 755 certbot-auto

二、生成證書並驗證

mkdir -p /data/services/tengine/ssl/manhour.test.xxx.cn
nginx配置http的80埠:
server{
  listen 80;
  location / {
root /data/services/tengine/ssl/manhour.test.xxx.cn;
index  index.html index.htm;
}
  }
./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /data/services/tengine/ssl/manhour.test.xxx.cn -d manhour.test.xxx.cn

三、nginx配置https

server{
listen 80 ssl;
listen 443;
server_name manhour.test.xxx.cn 112.74.12.148 localhost;
access_log  logs/host.access.log  main;
ssl on;
ssl_certificate /etc/letsencrypt/live/manhour.test.xxx.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/manhour.test.xxx.cn/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/manhour.test.xxx.cn/chain.pem;
error_page 497  https://$host$uri?$args;
location / {
root /data/services/tengine/ssl/manhour.test.xxx.cn;
index  index.html index.htm;
}
}

四、續簽

./certbot-auto renew --dry-run
  注意:需要開通http的80埠;