# 安装 Let's Encrypt
- Debian / Ubuntu
sudo apt-get install letsencrypt |
- Redhat / CentOS
sudo yum install epel-release | |
sudo yum install letsencrypt |
- Others (python)
sudo pip install letsencrypt |
# 关闭 nginx & 获取证书
sudo service nginx stop | |
letsencrypt certonly --standalone -d your.domian -d another.domian |
# 修改配置
# 开启 https
server { | |
listen 443; | |
listen [::]:443; | |
server_name your.domain; | |
ssl on; | |
ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem; | |
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; | |
ssl_prefer_server_ciphers on; | |
# other config | |
} |
# 开启重定向
server { | |
listen 80; | |
listen [::]:80; | |
server_name your.domain; | |
return 301 https://$server_name$request_uri; | |
} |
# 开启 nginx 服务
sudo service nginx start |