ubuntu使用certbot给nginx添加ssl证书

首先确认网站部署完成,已经能通过80端口访问

安装certbot

sudo snap install --classic certbot

执行

sudo certbot --nginx

第一次执行需要填个邮箱来注册,所有步骤如下

// 1. 输入你的邮箱
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]   
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// 2. 是否同意服务条款,输入y
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y    

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// 3. 是否同意接收推送邮件,输入y或n
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: xxxxx.com
2: yyyyy.com

// 4. 选择给nginx配置中的域名添加证书,输入序号选择,或直接回车选择所有
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for xxxxx.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxxxx.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/xxxxx.com/privkey.pem
This certificate expires on 2022-08-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for xxxxx.com to /etc/nginx/sites-enabled/xxxx
Congratulations! You have successfully enabled HTTPS on xxxxx.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// 5.结束,可直接访问https站点

手动更新证书

sudo certbot renew

证书有效期为3个月,默认到期前会自动更新,修改配置后需手动更新

你可能感兴趣的:(运维,nginx,ssl,ubuntu)