Do you think the small green lock in front of others ' website looks good?
What's more, Google officially admits that HTTPS is a factor that affects search rankings, so how do you upgrade your site to HTTPS? Today's content describes how to deploy in Nginx WordPress add a small green lock.
1. Select SSL Certificate
HTTPS (hypertext Transfer Protocol Secure, Hypertext Transfer Security protocol) is a transport protocol for secure communication over a computer network. Communicate via HTTP, but use SSL/TLS to encrypt packets. Therefore, in order to upgrade the site to HTTPS, you need to get an SSL certificate ~
Free SSL Certificate Application agency still a lot of, today introduced a very good lets ' s Encrypt (https://letsencrypt.org/), this is a free, open, automated certification authority.
2. Configure the SSL certificate on the server side (Ubuntu16.04 Nginx for example)
Certbot has PPA, direct installation is good:
$ sudo apt-get update
$ sudo apt-get install Software-properties-common
$ sudo add-apt-repository Ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install Python-certbot-nginx
Install the Nginx version of the certificate,
$ sudo certbot--nginx
This step requires you to enter the mailbox and domain name information, the mailbox is used to receive the certificate is about to expire information (3 months to update) and security information. Domain name is the URL you apply this certificate, if prompted cannot find a VirtualHost matching domain, may be your Nginx server_name configuration error, to see if the correct point to their own domain name. You will then be asked to choose Redirect or no redirect, which redirects all HTTP requests to HTTPS.
Install with this command is let Certbot automatically help you modify Nginx configuration file to implement HTTP into HTTPS (convenient, recommended), of course, you can also manually configure, through the command sudo certbot--nginx certonly, so you can set the information yourself, Official document reference: Https://certbot.eff.org/docs.
Restart Nginx, and then visit your blog, you will find yourself in front also has a small green lock ~
3. Set up automatic certificate updates
Certbot's certificate is valid for 90 days, and has to be updated manually after 90 days ~ but it has an automatic update mechanism, which can be tested by the following command:
$ sudo certbot renew--dry-run
If you run the correct words, then you can set up the Shell+crontab to achieve scheduled tasks, and then do not bother to update the matter 90 days later.
1. Create a new update.sh under/root:
#!/bin/bash
Last_run_time=0
date1= ' Date +%s '
interval_days_secs=$ ((87*24*3600))
if [[$ ((date1-last_run_time))-gt $interval _days_secs]]; Then
Certbot Renew
Sed-i ' 2 s/[0-9][0-9]*/' $date 1 '/' update.sh
Fi
2. Create a new Crontab task (CRONTAB-E) and set the update.sh to execute once a day:
0 0 * * */root/update.sh >/root/log 2>&1
3. Restart the crontab task:
Sudo/etc/init.d/cron restart
Teach you to install SSL certificate upgrade HTTPS