Let's Encrypt free SSL Certificate, encryptssl
Let's Encrypt provides free and easy-to-use certificates. Assume that my domain name is 163.org 1. Clone the code
Git clone https://github.com/letsencrypt/letsencrypt # install git first without git # yum install git # apt-get install git
2. Installation
Cd letsencrypt. /letsencrypt-auto certonly -- standalone -- email admin@163.org-d 163.org-d www.163.org Command Parsing -- standalone needs to manually close the program that uses port 443, this command takes up port 443 for verification -- the email admin@163.org fills in your Email-d 163.org domain name that needs to use ssl (must be the address bound to the current host; otherwise the verification fails .)
3. After the Let's Encrypt certificate is generated, we will have four files under the "/etc/letsencrypt/live/163.org/" Domain Name directory, this is the generated key certificate file. Cert. pem-Apache server certificate chain. pem-Apache Root Certificate and relay certificate fullchain. ssl_certificate file privkey required by pem-Nginx. pem-security certificate KEY file if we use the Nginx environment, we need to use fullchain. pem and privkey. pem two certificate files
# Add the generated certificate to the nginx. conf configuration file
Server {server_name 163.org; listen 443; ssl on; ssl_certificate/etc/letsencrypt/live/163.org/fullchain.pem;
Ssl_certificate_key/etc/letsencrypt/live/163.org/privkey.pem;} Ps: In the Nginx environment, you only need to set the corresponding ssl_certificate and ssl_certificate_key paths to the corresponding file paths. Do not move or copy a file because a certificate is generated during the file renewal. 4. Let's Encrypt free SSL certificate validity period Let's Encrypt certificate is valid for 90 days, need to be updated manually for renewal.
* * * * 1 /var/www/letsencrypt/letsencrypt-auto renew
Add this command to the scheduled task to automatically renew the task.
End