nginx https配置

https://letsencrypt.org/zh-cn/getting-started/

https://certbot.eff.org/lets-encrypt/centos6-nginx

 

安装certbot-auto

  1. wget https://dl.eff.org/certbot-auto
  2. sudo mv certbot-auto /usr/local/bin/certbot-auto
  3. sudo chown root /usr/local/bin/certbot-auto
  4. sudo chmod 0755 /usr/local/bin/certbot-auto
生成证书命令(证书位置:/etc/letsencrypt/live/)
certbot-auto certonly --text --agree-tos --email [email protected] \
     --webroot -w /var/www/mediawiki/ -d doc.wechat-class.com
查看有哪些证书
certbot-auto certificates

更新证书(定时任务)

/usr/local/bin/certbot-auto renew
 0 0 * * * root /usr/local/bin/certbot-auto renew >>/tmp/renew.log 2>&1

配置nginx服务器
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/doc.wechat-class.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/doc.wechat-class.com/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

你可能感兴趣的:(linux)