[原文](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/)
## 安装certbot
安装Let’s Encrypt客户端certbot以及nginx插件。
```bash
sudo apt install certbot python3-certbot-nginx
```
## 配置Nginx服务器
创建配置文件 `/etc/nginx/conf.d/example.com.conf`
```text
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name example.com www.example.com;
}
```
Nginx加载配置
```bash
nginx -t && nginx -s reload
```
## 获取证书
```bash
sudo certbot --nginx -d example.com -d www.example.com
```
再次查看配置文件 `/etc/nginx/conf.d/example.com.conf`
```text
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name example.com www.example.com;
listen 443 ssl; # managed by Certbot
# RSA certificate
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
```
## 自动更新证书
```bash
crontab -e
```
添加crontab命令
```text
0 2 * * * /usr/bin/certbot renew --quiet
```
每天凌晨2点尝试更新证书。