安装
# Refresh the package index, then install Certbot, its nginx plugin and nginx itself.
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx nginx
# Run Certbot to install the SSL certificate automatically. Certbot contacts the Let's Encrypt
# servers, validates the domain, downloads the certificate and configures it.
# It automatically copies the configuration of the first nginx server block and writes the
# certificate settings into the nginx configuration.
# Domain validation only succeeds if {domain} already resolves to this host and port 80 is
# reachable from the internet.
# NOTE(review): Certbot edits the live nginx configuration; compare the result with the
# generated configuration shown below before relying on it.
sudo certbot --nginx -d {domain}
生成的配置
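server {
    # Contents of the first server block (copied here by Certbot).
    server_name {domain}; # managed by Certbot

    # HTTPS listeners for IPv6 and IPv4.
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    # Certificate chain and private key must come from the same /etc/letsencrypt/live/{domain}/
    # directory; a mismatched pair makes nginx refuse to load the configuration.
    ssl_certificate /etc/letsencrypt/live/{domain}/fullchain.pem; # managed by Certbot
    # privkey.pem is the site's private key: keep it readable by root only and never copy it
    # into a web root, a repository or an unencrypted backup.
    ssl_certificate_key /etc/letsencrypt/live/{domain}/privkey.pem; # managed by Certbot

    # TLS settings maintained by Certbot (protocols, ciphers, session options) and the
    # Diffie-Hellman parameters it ships.
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}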
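server {
    # Plain-HTTP listener: its only job is to send requests for {domain} to HTTPS.
    # The redirect is limited to the exact host name, so $host in the Location header
    # can only ever be {domain}.
    if ($host = {domain}) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name {domain};

    # Any request that reaches this block with a different Host header gets 404 instead of
    # being served over unencrypted HTTP.
    return 404; # managed by Certbot
}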
更新证书
# Let's Encrypt certificates have to be renewed every 90 days. Run the command below to test
# whether automatic renewal works.
# --dry-run only rehearses the renewal: it obtains test certificates and does not save them,
# so the certificate currently in use is left untouched.
# If the test succeeds, the certificate will be renewed automatically with no further action.
# NOTE(review): the real renewal is run by a scheduled job (systemd timer or cron entry)
# that normally comes with the certbot package; confirm that one is active on this host.
sudo certbot renew --dry-run
删除证书
# List all certificates managed by Certbot (name, domains, expiry date, file paths).
sudo certbot certificates
# Delete one certificate by the name shown in the listing above.
# First remove or replace the ssl_certificate / ssl_certificate_key lines in the nginx
# configuration that point at it: once the files are gone, nginx can no longer load a
# configuration that still references them.
# Deleting does not invalidate a certificate that has already been issued. If the private key
# may have been exposed, revoke the certificate (certbot revoke) before deleting it.
sudo certbot delete --cert-name {name_of_certificate}