为网站配置 letsencrypt ssl 证书 (for nginx)

1. 安装 Let's Encrypt

  • Debian / Ubuntu
sudo apt-get install letsencrypt
  • Redhat / CentOS
sudo yum install epel-release
sudo yum install letsencrypt
  • Others (python)
sudo pip install letsencrypt

2. 关闭 nginx & 获取证书

sudo service nginx stop
letsencrypt certonly --standalone -d your.domian -d another.domian

3. 修改配置

  • 开启 https
server {
    listen 443;
    listen [::]:443;
    server_name your.domain;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;

    # other config
}
  • 开启重定向
server {
    listen 80;
    listen [::]:80;
    server_name your.domain;
    return 301 https://$server_name$request_uri;
}

4. 开启 nginx 服务

sudo service nginx start

标签: https, letsencrypt

添加新评论