Applying for and Using SSL Certificates

Time: 2023-06-13 09:13:31


Applying for a Certificate with Let’s Encrypt

Description: the server runs CentOS 7.x with Nginx, and Let’s Encrypt provides the free HTTPS certificate. Let’s Encrypt website: https://letsencrypt.org/ Procedure:

# Procedure
$ git clone https://github.com/letsencrypt/letsencrypt.git
$ cd letsencrypt 
$ sudo ./letsencrypt-auto certonly

# Follow the wizard: choose standalone mode and enter your email address, domain name, and so on
/etc/letsencrypt/live/mydomain
# privkey.pem
# fullchain.pem

Modify the nginx configuration file:

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.linuxidc.com;
    root /usr/share/nginx/html;

    ssl_certificate "/etc/letsencrypt/live/www.linuxidc.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/www.linuxidc.com/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
}

# Redirect HTTP to HTTPS. To view the issued certificate, right-click the page -> Inspect -> Security -> View certificate; the certificate is valid for 3 months
server {
    listen 80;
    server_name www.linuxidc.com;
    return 301 https://$host$request_uri;
}

To renew the certificate on a schedule, we can use crontab, the scheduler that ships with Linux:

$ crontab -e
30 2 1 * * /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 1 * * /usr/bin/systemctl reload nginx
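
The check below is an added example (not part of the original article) showing why a once-a-month `certbot renew` is tight for a 3-month certificate: it classifies a certificate's expiry date against certbot's default 30-day renewal window at each cron run. The dates, the exact 90-day lifetime, UTC scheduling and the helper names `to_epoch`, `cert_not_after` and `cert_status` are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Requires GNU date (as on CentOS 7).
# Assumption: certbot's default renewal window of 30 days before expiry.
RENEW_WINDOW_DAYS=30

# to_epoch <date string> -> seconds since the epoch, interpreted as UTC
to_epoch() { date -u -d "$1" +%s; }

# cert_not_after <pem file> -> expiry date as printed by openssl,
# e.g. "Apr  1 02:30:00 2023 GMT" (the first certificate in the file, i.e. the leaf)
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# cert_status <notAfter string> <now epoch> -> OK | RENEW_DUE | EXPIRED
# OK means "certbot renew" run at that moment would skip the certificate.
cert_status() {
    end=$(to_epoch "$1") || return 2
    left=$(( end - $2 ))
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo RENEW_DUE
    else
        echo OK
    fi
}

# Constructed scenario: a certificate issued by the cron job at 02:30 UTC on
# 2023-01-01 with exactly 90 days of validity expires at 02:30 UTC on 2023-04-01.
NOT_AFTER="Apr  1 02:30:00 2023 GMT"
for run in "2023-02-01 02:30:00" "2023-03-01 02:30:00" "2023-04-01 02:30:00"; do
    printf '%s  cron run -> %s\n' "$run" "$(cert_status "$NOT_AFTER" "$(to_epoch "$run")")"
done

# Against the live certificate from the article (run as root on the server):
#   cert_status "$(cert_not_after /etc/letsencrypt/live/www.linuxidc.com/fullchain.pem)" "$(date +%s)"
```

In this constructed scenario the job on the 1st never lands inside the renewal window, so the certificate is skipped in March and already expired in April. Running `certbot renew` daily closes that gap, since it skips certificates that are not yet due.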