let's encrypt生成免費https證書 ubuntu+tomcat+nginx+let's encrypt
阿新 • • 發佈:2017-09-27
http important 免費https pri perm apt repo www. add
1. 下載let‘s encrypt
$ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbot
2. 生成密鑰,調用之前需要停止nginx
certbot certonly --standalone -d www.域名1.com -d www.域名2.com
生成成功,提示如下
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/【這裏是你的域名】/fullchain.pem. Your cert will expire on 【這裏是到期時間】. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let‘s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
3. 配置nginx
listen 443 ssl; ssl_certificate /etc/letsencrypt/live/【這裏是你的域名】/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/【這裏是你的域名】/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; listen [::]:443 ssl ipv6only=on;
4. 重啟nginx
nginx -s reload
5. 重定向http訪問到https
server {
listen 80;
server_name 【這裏是你的域名】;
rewrite ^(.*) https://$server_name$1 permanent;
}
let's encrypt生成免費https證書 ubuntu+tomcat+nginx+let's encrypt