免费SSL证书:Nginx安装Let’s Encrypt证书

[原文](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/) ## 安装certbot 安装Let’s Encrypt客户端certbot以及nginx插件。 ```bash sudo apt install certbot python3-certbot-nginx ``` ## 配置Nginx服务器 创建配置文件 `/etc/nginx/conf.d/example.com.conf` ```text server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; server_name example.com www.example.com; } ``` Nginx加载配置 ```bash nginx -t && nginx -s reload ``` ## 获取证书 ```bash sudo certbot --nginx -d example.com -d www.example.com ``` 再次查看配置文件 `/etc/nginx/conf.d/example.com.conf` ```text server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; server_name example.com www.example.com; listen 443 ssl; # managed by Certbot # RSA certificate ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot # Redirect non-https traffic to https if ($scheme != "https") { return 301 https://$host$request_uri; } # managed by Certbot } ``` ## 自动更新证书 ```bash crontab -e ``` 添加crontab命令 ```text 0 2 * * * /usr/bin/certbot renew --quiet ``` 每天凌晨2点尝试更新证书。