官网:https://letsencrypt.org/
let’s encrypt作为一个公共且免费ssl的项目逐渐被广大用户传播和使用,是由mozilla、cisco、akamai、identrust、eff等组织人员发起,主要的目的也是为了推进网站从http向https过度的进程,目前已经有越来越多的商家加入和赞助支持。
官方客户端 certbotcertbot提供了很多命令来管理证书的获取,更新,与撤销,详情可参阅官网。
sudo git clone
https://github.com/certbot/certbot/opt/letsencrypt/opt/letsencrypt/letsencrypt-auto
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /opt/java1024/cert;
}
location = /.well-known/acme-challenge/ {
return 404;
}
export domains="java1024.club,m.java1024.club"export dir=/opt/java1024/cert
/opt/letsencrypt/letsencrypt-auto certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=$dir -d $domains
listen 443;#let's encrypt
ssl_certificate /etc/letsencrypt/live/java1024.club/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/java1024.club/privkey.pem;
crontab 是用来定期检查证书有效期。
#!/bin/sh# this script renews all the let's encrypt certificates with a validity < 30 days
if ! /opt/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
echo automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1fi
nginx -t && nginx -s reload
加入定时任务
sudo crontab -e
@daily /mnt/crontab_scrpit/renew_certs.sh
export domains="java1024.club,m.java1024.club,java1024.com"
export dir=/opt/java1024/cert
/opt/letsencrypt/letsencrypt-auto certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=$dir -d $domains
7. 重启服务器
nginx -s reload
访问域名,效果展示:
如对本文有疑问, 点击进行留言回复!!
如何在IDEA中对 hashCode()和 equals() 利用快捷键快速进行方法重写
springboot集成普罗米修斯(Prometheus)的方法
Tomcat启动springboot项目war包报错:启动子级时出错的问题
如何利用Spring的@Import扩展点与spring进行无缝整合
网友评论