11、certbot在Centos7.4配置Nginx的https签名证书

1、certbot的官网地址

https://certbot.eff.org/

2、制作证书前的准备:

需要有一个公网地址,并绑定合法域名

3、安装依赖包

# yum install epel-release

4、以下忘记了(待整理,记得用snap安装)

# cd /home/downloads

# wget https://dl.eff.org/certbot-auto --no-check-certificate

# chmod +x ./certbot-auto

# ./certbot-auto -n

yum install certbot-nginx

yum install snapd

sudo snap install core

sudo snap install --classic certbot

sudo dnf remove certbot

sudo ln -s /var/lib/snapd/snap /snap

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot certonly --nginx

sudo certbot certonly --nginx --nginx-server-root=/usr/local/nginx/conf

5、生成证书

# sudo certbot certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/wwwroot/amzzm -d amzzm.com

* --webroot -w **:网站运行的主目录

-d: 网站域名

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator webroot, Installer None

Requesting a certificate for amzzm.com

Performing the following challenges:

http-01 challenge for amzzm.com

Using the webroot path /home/wwwroot/amzzm for all unmatched domains.

Waiting for verification...

Cleaning up challenges

IMPORTANT NOTES:

- Congratulations! Your certificate and chain have been saved at:

  /etc/letsencrypt/live/amzzm.com/fullchain.pem【公钥文件,对应nginx里的ssl_certificate】

  Your key file has been saved at:

  /etc/letsencrypt/live/amzzm.com/privkey.pem【私钥文件,对应nginx里的ssl_certificate_key】

  Your certificate will expire on 2021-04-27. To obtain a new or

  tweaked version of this certificate in the future, simply run

  certbot again. To non-interactively renew *all* of your

  certificates, run "certbot renew"

- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate

  Donating to EFF:                    https://eff.org/donate-le

6、修改nginx配置

server {

    listen 80;

    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/amzzm.com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/live/amzzm.com/privkey.pem;

    server_name amzzm.com www.amzzm.com;

    root /home/amzzm.com/;

}

你可能感兴趣的:(11、certbot在Centos7.4配置Nginx的https签名证书)