SSL证书免费获取教程

使用Certbot免费获取https证书：

环境：centOS6.8 64位、nginx已安装

方法：CentOS 5上因为python版本过低是无法用的，CentOS 6上需要先安装epel才行

一.如果是CentOS 6、7，先执行：yum install epel-release

    1.首先检查系统是否安装epel-release   

[root@localhost ~]  
# rpm -q epel-release  
package epel-release is not installed

    2.安装EPEL 

    32位：http://mirrors.ustc.edu.cn/fedora/epel/6/i386/epel-release-6-8.noarch.rpm 
    64位：http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm 

[root@localhost ~]# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm  
Retrieving http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm  
Preparing...                ########################################### [100%]  
   1:epel-release           ########################################### [100%]

    #2.1 安装成功 

[root@localhost ~]# rpm -q epel-release  
epel-release-6-8.noarch  

    #2.2 查看其所依附的软件文件

[root@localhost ~]# rpm -qR epel-release    
/bin/sh    
/bin/sh    
config(epel-release) = 6-8  
redhat-release >= 6  
rpmlib(CompressedFileNames) <= 3.0.4-1  
rpmlib(FileDigests) <= 4.6.0-1  
rpmlib(PayloadFilesHavePrefix) <= 4.0-1  
rpmlib(PayloadIsXz) <= 5.2-1 

    #2.3 卸载

[root@localhost ~]# rpm -e epel-release  
warning: /etc/yum.repos.d/epel.repo saved as /etc/yum.repos.d/epel.repo.rpmsave

二.安装Certbot-auto

1、获取 Certbot 客户端

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

2、停止nginx

service nginx stop

3、生成证书

./certbot-auto certonly --standalone --email [email protected] --  agree-tos -d zdw.me -d www.zdw.me -d service.zdw.me

4、查看生成的证书

ls /etc/letsencrypt/live/

5、在nginx配置证书

#证书位置
ssl_certificate /etc/letsencrypt/live/cdw.me/fullchain.pem;
# 私钥位置
ssl_certificate_key /etc/letsencrypt/live/cdw.me/privkey.pem;

6、启动nginx

service nginx start