Installing a free HTTPS certificate on CentOS 6
1. Download the letsencrypt software
yum -y install git
mkdir /data
git clone https://github.com/letsencrypt/letsencrypt /data/letsencrypt
2. The service on port 80 must be stopped before the certificate is installed. In this example the web service is provided by nginx.
service nginx stop
cd /data/letsencrypt
chmod +x letsencrypt-auto
sudo -H ./letsencrypt-auto certonly --standalone -d qm3.com.cn -d www.qm3.com.cn
service nginx start
3. View the certificate
ls /etc/letsencrypt/live/qm3.com.cn/
cert.pem chain.pem DST_Root_CA_X3.pem fullchain1.pem fullchain.pem privkey1.pem privkey.pem README
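4. Set up a scheduled task to renew the certificate. Because renewal is only possible when the certificate is close to expiry, run it once every half month.
Create the renewal script:
vim /etc/letsencrypt.sh
# standalone renewal needs port 80, so nginx is stopped while it runs
service nginx stop
/data/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt/letsencrypt-auto-update.log
service nginx start
When the script is written, save and exit with :wq, then add execute permission:
chmod +x /etc/letsencrypt.sh
Set up the scheduled task: run once at 4 a.m. on the 1st and the 16th of each month
crontab -e
# minute hour day-of-month month day-of-week command
0 4 1 * * sh /etc/letsencrypt.sh
0 4 16 * * sh /etc/letsencrypt.sh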
5. View the renewal log
vim /var/log/letsencrypt/letsencrypt-auto-update.log
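As an added example (not part of the original post), here is a variant of the renewal script from step 4 that checks the certificate's remaining lifetime first, so nginx is stopped only when a renewal is actually due. The 30-day window, the function names cert_due and renew_if_due, and the --run argument are assumptions of this example; the paths are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post: renew only when the cert is due.
CERT=/etc/letsencrypt/live/qm3.com.cn/cert.pem      # path from step 3
LOG=/var/log/letsencrypt/letsencrypt-auto-update.log
RENEW_DAYS=30   # assumption: treat the last 30 days of validity as "due"

# cert_due PEM DAYS
# Returns 0 when the certificate expires within DAYS days or cannot be read,
# 1 when it stays valid beyond that window.
cert_due() {
    [ -r "$1" ] || return 0
    # "openssl x509 -checkend N" exits 0 only if the cert is still valid
    # N seconds from now.
    if openssl x509 -checkend $(($2 * 86400)) -noout -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stop nginx only when a renewal is due, and always start it again.
renew_if_due() {
    if ! cert_due "$CERT" "$RENEW_DAYS"; then
        echo "$(date '+%Y-%m-%d %H:%M:%S') certificate not due, nginx left running" >> "$LOG"
        return 0
    fi
    service nginx stop
    /data/letsencrypt/letsencrypt-auto renew >> "$LOG" 2>&1
    status=$?
    service nginx start
    return $status
}

# Hypothetical entry point: "sh /etc/letsencrypt.sh --run" from cron.
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```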
6. Configure the nginx server
vim /etc/nginx/conf.d/www.conf
server {
    listen 443 ssl;
    server_name www.qm3.com.cn;
    # redundant with the ssl parameter on listen; newer nginx releases deprecate this directive
    ssl on;
    ssl_certificate /etc/letsencrypt/live/qm3.com.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qm3.com.cn/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); list only TLSv1.2 unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        root /data/www.qm3.com.cn;
        index index.html index.php index.htm;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/local/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www.qm3.com.cn/$fastcgi_script_name;
        include fastcgi_params;
    }
}
7. Restart the nginx server. The configuration is now complete.
service nginx restart
Unless otherwise noted, all articles on this site are original works by 奇妙伞. When reposting, please credit the source: https://qm3.com.cn/post/304.html