Let's Encrypt

a free, automated, and open Certificate Authority

一个免费、自动化、开放的证书颁发机构

Created by NianQin

HTTPS LOGO

  • Google Chrome
  • Firefox
  • Safari
  • IE11
  • Edage
  • UC

Sponsors

赞助商

How  to  do

怎么做

下载certbot

wget https://dl.eff.org/certbot-auto

添加可执行权限

chmod a+x ./certbot-auto

Webroot验证配置


location ~ /.well-known {
	allow all;
}
						

申请证书


sudo ./certbot-auto certonly --webroot -w /home/nianqin/nginx/nginx-1.9.6/build/html -d encrypt.ppt.qjzd.net
						

nginx关联证书


ssl_certificate      /etc/letsencrypt/live/encrypt.ppt.qjzd.net/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/encrypt.ppt.qjzd.net/privkey.pem;
						

重启nginx


sudo nginx -s reload
						

更新证书


sudo ./certbot-auto renew --dry-run
						

定时更新证书

sudo crontab -e

30 2 * * 1 /home/nianqin/letsencrypt/certbot-auto renew --renew-hook "/home/nianqin/nginx/nginx-1.9.6/build/sbin/nginx -s reload"
						

The End

- letsencrypt官网
- cerbot使用手册
- Let's Encrypt 上线的意义
- Let's Encrypt申请证书过程

Thanks