1. 安装 Let's Encrypt
sudo apt-get install letsencrypt
sudo yum install epel-release
sudo yum install letsencrypt
sudo pip install letsencrypt
2. 关闭 nginx & 获取证书
sudo service nginx stop
letsencrypt certonly --standalone -d your.domian -d another.domian
3. 修改配置
server {
listen 443;
listen [::]:443;
server_name your.domain;
ssl on;
ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
# other config
}
server {
listen 80;
listen [::]:80;
server_name your.domain;
return 301 https://$server_name$request_uri;
}
4. 开启 nginx 服务
sudo service nginx start