Nginx: configuring HTTPS, updating certificates, and free Let's Encrypt certificates (HTTPS), with error resolution

Source: Internet
Author: User
Tags: generate, csr, modulus, ssl certificate, letsencrypt

The Git repository is at:

https://github.com/xdtianyu/scripts/tree/master/lets-encrypt

The script calls acme_tiny.py to validate the domain and to obtain and renew certificates; it requires no additional dependencies.

Download the script and configuration file

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh

Configuration file

You only need to change DOMAIN_KEY, DOMAIN_DIR and DOMAINS to your own values (for a detailed explanation, contact "pick up the Sky Star").

ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="test.com.key"
DOMAIN_DIR="/data/wwwroot/test.com"
DOMAINS="DNS:test.com,DNS:api.test.com"

The required key files are generated automatically during execution.

Generate the certificate

(If you have several virtual-host directories and domain names that need certificates, make a separate configuration file for each one, changing its contents and its file name, then rerun the script with each configuration file to generate the certificate for that site.)

./letsencrypt.sh letsencrypt.conf
Note: the script downloads a lets-encrypt-x3-cross-signed.pem file and then continues with certificate generation. If the file is not downloaded, download it manually from the address given in the script.

The domain names must already be bound to the /var/www/test.com directory, that is, http://test.com and http://api.test.com must serve the /var/www/test.com directory, because it is used for domain validation.

If you receive the following error message, run yum install python-argparse to install python-argparse and then run the script again (if yum cannot install it, build and install it manually):

Traceback (most recent call last):
  File "/tmp/acme_tiny.py", line 2, in <module>
    import argparse, subprocess, json, os, sys, base64, binascii, time, hashlib, re, copy, textwrap, logging
ImportError: No module named argparse

1. yum install python-argparse

2. Install python-argparse manually:

wget https://pypi.python.org/packages/source/a/argparse/argparse-1.4.0.tar.gz#md5=08062d2ceb6596fcbc5a7e725b53746f
tar -xzvf argparse-1.4.0.tar.gz
cd argparse-1.4.0
python setup.py install

Output like the following indicates a successful installation:

running install
running bdist_egg
running egg_info
writing argparse.egg-info/PKG-INFO
writing top-level names to argparse.egg-info/top_level.txt
writing dependency_links to argparse.egg-info/dependency_links.txt
reading manifest file 'argparse.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.orig' found anywhere in distribution
warning: no previously-included files matching '*.rej' found anywhere in distribution
no previously-included directories found matching 'doc/_build'
no previously-included directories found matching 'env24'
no previously-included directories found matching 'env25'
no previously-included directories found matching 'env26'
no previously-included directories found matching 'env27'
writing manifest file 'argparse.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib
copying argparse.py -> build/lib
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
copying build/lib/argparse.py -> build/bdist.linux-x86_64/egg
byte-compiling build/bdist.linux-x86_64/egg/argparse.py to argparse.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/argparse-1.4.0-py2.6.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing argparse-1.4.0-py2.6.egg
Copying argparse-1.4.0-py2.6.egg to /usr/lib/python2.6/site-packages
Adding argparse 1.4.0 to easy-install.pth file

Installed /usr/lib/python2.6/site-packages/argparse-1.4.0-py2.6.egg
Processing dependencies for argparse==1.4.0
Finished processing dependencies for argparse==1.4.0

If the following error occurs when running python setup.py install to install python-argparse, it is because setuptools is not installed; install setuptools first.

Traceback (most recent call last):
  File "setup.py", line 3, in <module>
    from setuptools import setup, find_packages
ImportError: No module named setuptools

The part of the error highlighted in red means exactly what it says: there is no setuptools module. Python lacks this module, and installing it fixes the problem.

Install setuptools:

Method One:
wget http://pypi.python.org/packages/source/s/setuptools/setuptools-0.6c11.tar.gz
tar zxvf setuptools-0.6c11.tar.gz
cd setuptools-0.6c11
python setup.py build
python setup.py install

Method Two:
Download the setuptools-0.6c11-py2.7.egg file from http://pypi.python.org/pypi/setuptools, make it executable with chmod +x setuptools-0.6c11-py2.7.egg, then run sudo sh setuptools-0.6c11-py2.7.egg to complete the installation.

Method Three:
Go to http://pypi.python.org/pypi/setuptools, then download and install the setuptools module following the instructions there.


If a "DNS query timed out" error like the output below (especially the part in red) appears while generating the certificate, DNS resolution of the domain name caused domain validation to fail, so the SSL certificate could not be obtained.

(By comparison, domestic DNS providers such as DNSPod, Aliyun DNS and CloudXNS time out from time to time during Let's Encrypt domain validation, while foreign providers such as Namecheap DNS, Linode DNS and domain.com DNS have no problems. When a DNS timeout occurs, you can rerun the certificate generation command when the network is idle.)

Generate account key...
Generating RSA private key, 4096 bit long modulus
......................................++
.....................................................................++
e is 65537 (0x10001)
Generate domain key...
Generating RSA private key, 2048 bit long modulus
........+++
................................................................................................................+++
e is 65537 (0x10001)
Generate CSR...app.csr
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying app.lebaoedu.com...
Traceback (most recent call last):
  File "/tmp/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/tmp/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/tmp/acme_tiny.py", line 140, in get_crt
    e.code, json.loads(e.read().decode('utf8')))
AttributeError: 'URLError' object has no attribute 'code'

If only the following output appears when you generate a certificate, the generation did not succeed. (This happens because the directory does not have +wx permissions; no permission error is reported, and the output below appears directly.)

Generate CSR...lebao.csr
New cert: lebao.chained.crt has been generated

The following output indicates that the certificate was generated successfully (it contains more detailed information about the successful generation):

Generate CSR...lebao.csr
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying test.api.lebaoedu.com...
test.api.lebaoedu.com verified!
Signing certificate...
Certificate signed!
New cert: lebao.chained.crt has been generated

After generation, the certificate directory will contain files similar to the following:

test.chained.crt test.com.key letsencrypt-account.key test.crt test.csr ...

Cron scheduled task

Renew the certificate automatically once a month. You can add a command such as service nginx reload at the end of the script to reload the service (adjust the file paths in the cron entry to match where the script and configuration file actually are).

0 0 1 * * /data/cron/ssl/letsencrypt.sh /data/cron/ssl/letsencrypt.conf >> /var/log/lets-encrypt.log 2>&1
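
Because the script can print "has been generated" even when validation failed (the permissions case above), an unconditional reload from cron can hand nginx an unusable file. The following is an added example, not part of the original page or of the letsencrypt.sh script, that checks the result before reloading; the function names are hypothetical, and it assumes the chained file holds the leaf certificate followed by the intermediate.

```shell
# Added example: verify letsencrypt.sh output before reloading nginx.
# Function names are hypothetical; paths in the usage line are the page's sample values.

# Print the number of PEM certificate blocks in a file (0 if missing or empty).
pem_cert_count() {
    [ -s "$1" ] || { echo 0; return 0; }
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# cert_ok CHAINED_CRT DOMAIN_KEY [MIN_DAYS]
# Exit status: 0 usable, 1 fewer than two certificates (assumes leaf +
# intermediate), 2 leaf public key does not match the domain key,
# 3 leaf expires within MIN_DAYS (default 7).
cert_ok() {
    chained=$1; key=$2; min_days=${3:-7}
    [ "$(pem_cert_count "$chained")" -ge 2 ] || return 1
    # openssl x509 reads only the first certificate in the file: the leaf.
    cert_pub=$(openssl x509 -in "$chained" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2
    openssl x509 -in "$chained" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# renew_and_reload SCRIPT CONF CHAINED_CRT DOMAIN_KEY
# Reload nginx only if the renewal ran, the result passes cert_ok,
# and nginx accepts the configuration (nginx -t).
renew_and_reload() {
    "$1" "$2" || return 1
    cert_ok "$3" "$4" || { echo "certificate check failed: $?" >&2; return 1; }
    nginx -t && service nginx reload
}

# Usage from cron, replacing the direct call to letsencrypt.sh:
# renew_and_reload /data/cron/ssl/letsencrypt.sh /data/cron/ssl/letsencrypt.conf \
#     /data/cron/ssl/test.chained.crt /data/cron/ssl/test.com.key
```

When the check fails, nginx is not reloaded and keeps serving the certificate it already has in memory, and the message goes to the cron log.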

After the certificate is generated, remember to modify the nginx.conf configuration file and reload (service nginx reload).

The part in red is the required certificate configuration; specify your own actual certificate paths.

server {
    listen 443;
    server_name test.com;
    access_log /data/wwwlogs/test_nginx.log main;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    # "ssl on;" is deprecated since nginx 1.15.0 and removed in 1.25.1;
    # on those versions use "listen 443 ssl;" instead.
    ssl on;
    # Chained certificate and domain key produced by letsencrypt.sh
    ssl_certificate /data/cron/ssl/test.chained.crt;
    ssl_certificate_key /data/cron/ssl/test.com.key;

    location ~ \.php {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            #set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        #fastcgi_param PATH_INFO $path_info;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
}

