以下仅演示如果自动申请证书,如果你自己准备了证书,请查阅相关教程

安装 certbot 以及 certbot nginx 插件

1
$ sudo yum install certbot python2-certbot-nginx -y

注:如果是 CentOS 7 可能出现安装错误, 根据提示进行修复即可

执行配置

中途会询问邮箱等基本信息,如实填写即可

1
$ sudo certbot --nginx

安装成功后, 最末尾会出现以下提示信息

1
2
3
4
5
6
7
8
9
10
11
12
13
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/你的域名/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/你的域名/privkey.pem
   Your cert will expire on 2019-09-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

同时可以从以上输出信息中得到证书的 安装位置/etc/letsencrypt/live/你的域名/ 之下,其中会包含一个 README 文件来简述该文件夹下其他文件的含义,可自行查看

自动续约

用certbot安装免费SSL证书,其有效期只有6个月的时间,可以用以下命令开启 自动续约

1
$ sudo certbot renew --dry-run