Let's Encrypt 证书配置（支持通配符）

安装certbot

https://certbot.eff.org/

安装certbot

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

申请证书

sudo certbot certonly --manual -d example.com -d *.example.com --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

按照提示设置DNS解析

DNS解析

Nginx 配置

server {
    listen      80;
    server_name example.com;
    return      301     https://$server_name$request_uri;
}

server {
    listen      443 ssl;
    server_name example.com;

    charset     utf-8;
    
    add_header X-Content-Type-Options nosniff;

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

}

验证

浏览器打开域名，可以看到chrome已经有绿色标记，证书信息也OK

证书