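With HTTPS now widespread, setting it up has become very simple. This post documents how to use Certbot under Nginx to configure SSL automatically and enable HTTPS.
Environment:
Operating system: Ubuntu 18.04
nginx version: nginx/1.14.0 (Ubuntu)
Installing Certbot-nginx
Note: if you are not logged in as root, remember to prefix the commands with sudo.
1. Add the Certbot PPA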
apt-get update
apt-get install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt-get update
2. Install Certbot and Certbot-nginx
apt-get install certbot python-certbot-nginx
Using Certbot to obtain a certificate and configure Nginx automatically
certbot --nginx
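At this point there is a step that asks for your e-mail address and similar details; I forgot to copy that output, so it is not included here.
The program asks which domain name to enable HTTPS for; type its number and press Enter.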
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: a.e.org
2: c.a.com
3: m.b.org
4: www.c.org
5: www.d.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
4
Next it asks whether to redirect all HTTP traffic to HTTPS: 1 means no redirect, 2 means redirect.
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.sanhong.org
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/www_c_org.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
2
The program then updates the Nginx configuration file automatically.
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/www_c_org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://www.c.org
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.c.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.sanhong.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.c.org/privkey.pem
Your cert will expire on 2020-05-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
That's it: HTTPS is now up and running, so go ahead and try it.
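To confirm what Certbot changed in the virtual host file, the following added example (not part of the original post or of Certbot) checks a server block for the TLS listener, a certificate and key taken from the same /etc/letsencrypt/live directory, and the HTTP-to-HTTPS redirect. The helper names audit_vhost and sample_conf are hypothetical, and the sample configuration is constructed to resemble the directives Certbot's nginx installer writes.

```shell
#!/bin/sh
# Added example: audit an nginx vhost file after `certbot --nginx` has edited it.

# Constructed sample, modelled on the directives Certbot's nginx installer writes.
sample_conf() {
cat <<'EOF'
server {
    server_name www.c.org;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.c.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.c.org/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.c.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.c.org;
    return 404; # managed by Certbot
}
EOF
}

# audit_vhost CONF_FILE DOMAIN (hypothetical helper)
# Prints one line per check; the return status is the number of failed checks.
audit_vhost() {
    conf=$1
    fails=0
    # Escape dots so the domain is matched literally inside the regexes.
    live="/etc/letsencrypt/live/$(printf '%s' "$2" | sed 's/\./\\./g')"
    sp='[[:space:]]'
    check() {  # check DESCRIPTION REGEX
        if grep -Eq "$2" "$conf"; then echo "ok   $1"
        else echo "FAIL $1"; fails=$((fails + 1)); fi
    }
    check "listens on 443 with TLS"            "^$sp*listen$sp+443$sp+ssl"
    check "chain is the lineage fullchain.pem" "^$sp*ssl_certificate$sp+$live/fullchain\.pem;"
    check "key is the same lineage's privkey"  "^$sp*ssl_certificate_key$sp+$live/privkey\.pem;"
    check "a 301 redirect to https:// exists"  "^$sp*return$sp+301$sp+https://"
    return "$fails"
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_vhost "$tmp" www.c.org || echo "failed checks: $?"
rm -f "$tmp"
```

On a real server, point audit_vhost at the file named in the "Deploying Certificate to VirtualHost" line and pass the domain you selected.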
Copyright © 艾克斯记事. Please credit the source (with a link) when reposting.