https://certbot.eff.org
To the above site follow the steps to install Certbot,
After the installation is complete, Certbot generates a certificate in two ways
The first type: certonly mode, Certbot will start the own nginx (if the server already has nginx, need to stop the existing nginx) to generate certificates
Certbot certonly--standalone-d example.com-d www.example.com
The second type: Webroot mode,
Certbot will generate random files to the given directory (the Web directory of Nginx configuration)/.well-known/acme-challenge/目录里面,
and generate the certificate through the Nginx validation random file that has been started.
Certbot certonly--webroot-w /usr/local/nginx/html-d logan.ren-d llcv.pw-w /var/www/thing-d thing.i S-d m.thing.is
-W nginx.conf Server configuration of the Web directory, both generating a directory of randomly verified files
-D nginx.conf in server_name;
Finally, if you want to renew
Certbot Renew--dry-run
= = above Certbot complete, the following is about the installation of Nginx =
Install Nginx before installing the required components
sudo Install libpcre3 libpcre3-dev libpcrecpp0 libssl-dev Zlib1g-dev
Download Nginx
wget http://nginx.org/download/nginx-1.13.0.tar.gz
Decompression Nginx
tar -zxvf nginx-1.13. 0. tar. gz
Compiling Nginx
./configure--with-http_ssl_module
Make && make install
or a custom configuration
./configure \
--sbin-path=/opt/nginx/nginx \
--conf-path=/opt/nginx/nginx.conf \
--pid-path=/opt/nginx/nginx.pid \
--with-http_ssl_module \
--with-pcre=/usr/local/src/pcre \
--with-zlib=/usr/local/src/zlib \
--with-openssl=/usr/local/src/openssl
Make && make install
Start Nginx
Soft-chain Nginx Ln -s/usr/local/nginx/sbin/nginx/usr/local/bin/nginx start Nginx
To view ports:
Netstat-ano|grep 80
To see if a module is installed
Dpkg-l | grep openss
nginx.conf Configuration
Server {Listen the; server_name Logan.ren LLCV.PW WWW.LLCV.PW; Location~ /{proxy_pass http://logan.ren:5050;} Location^~/.well-known/acme-challenge/{Default_type"Text/plain"; Root/usr/local/nginx/html} Location=/.well-known/acme-challenge/{return404; }} server {Listen443SSL; server_name Logan.ren, LLCV.PW; Ssl_certificate/etc/letsencrypt/live/logan.ren/Fullchain.pem; Ssl_certificate_key/etc/letsencrypt/live/logan.ren/Privkey.pem; Ssl_trusted_certificate/etc/letsencrypt/live/logan.ren/Chain.pem; # Ssl_dhparam/etc/nginx/tls1.2/Dhparam.pem; Ssl_protocols TLSv1 TLSv1.1TLSv1.2; # ssl_ciphers"Eecdh+aesgcm:edh+aesgcm:aes256+eecdh:aes256+edh"; Location/www/{root/opt/llc/www/LLCV; Index index.html; } Location~ /{proxy_pass http://logan.ren:5050; } }
Ubuntu Nginx installation Certbot (Letsencrypt)