Ubuntu18.04 Nginx自动配置ssl证书启用HTTPS

Nginx自动配置SSL.jpg

  随着HTTPS的普及,现在配置HTTPS已经非常简单了,在Nginx下使用Certbot自动配置SSL启用HTTPS,写一份文档记录一下;

运行环境介绍:

操作系统:Ubuntu 18.04
nginx version: nginx/1.14.0 (Ubuntu)

安装Certbot-nginx

注意:如果不是以root用户登录,记得加上sudo

1. 添加Certbot PPA源

apt-get update
apt-get install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt-get update

2. 安装Certbot 及 Certbot-nginx

apt-get install certbot python-certbot-nginx

使用Certbot获取证书并自动配置Nginx

certbot --nginx

这里会有一步让你输入邮箱等信息,忘记复制出来了就不添加了;

程序询问你要给哪个域名启用HTTPS,输入序号后敲回车

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: a.e.org
2: c.a.com
3: m.b.org
4: www.c.org
5: www.d.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 

4
这里会询问你是将HTTP都跳转到HTTPS,1不跳转2跳转

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.sanhong.org
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/www_c_org.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 

2
接下来程序会自动配置nginx的配置文件

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/www_c_org.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://www.c.org

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.c.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.sanhong.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.c.org/privkey.pem
   Your cert will expire on 2020-05-08. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

好了到这里,HTTPS已经成功启动了,你可以去试试了。

版权所有©艾克斯记事-转载文章请注明出处(带链接)

发表评论

电子邮件地址不会被公开。 必填项已用*标注