Centos 6.8 下利用 letsencrypt.sh 指令碼為 nginx 配置免費 https 認證，centosnginx

Centos 6.8 下利用 letsencrypt.sh 指令碼為 nginx 配置免費 https 認證，centosnginx

1、下載letsencrypt.sh

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.confwget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh

2、修改letsencrypt.conf檔案的參數

# vim letsencrypt.conf # only modify the values, key files will be generated automaticly.ACCOUNT_KEY="letsencrypt-account.key" DOMAIN_KEY="mtian.net.key"DOMAIN_DIR="/usr/local/nginx/html"  #網站的根目錄DOMAINS="DNS:mtian.net,DNS:www.mtian.net" #你的網站網域名稱，多個網域名稱用,號分隔#ECC=TRUE#LIGHTTPD=TRUE

3、執行檔案，產生https所需要的ssl認證檔案

添加執行許可權並執行# chmod +x letsencrypt.sh   # ./letsencrypt.sh letsencrypt.conf   運行完成後會在目前的目錄產生如下檔案letsencrypt-account.key  lets-encrypt-x3-cross-signed.pem  mtian.csrletsencrypt.conf         mtian.chained.crt                 mtian.net.keyletsencrypt.sh           mtian.crt

5、修改nginx設定檔，加入https

# vim /usr/local/nginx/conf/nginx.conf  server {        listen       443 ssl;        server_name  www.mtian.net;        ssl on;                ssl_certificate /usr/local/nginx/conf/mtian.chained.crt;        ssl_certificate_key /usr/local/nginx/conf/mtian.net.key;        location / {            root   html;            index  index.html index.htm;        }    }

6、複製letsencrypt.sh產生的mtian.chained.crt和mtian.net.key 件到 nginx.conf中指定的目錄/usr/local/nginx/conf/

# cp  mtian.chained.crt /usr/local/nginx/conf/# cp  mtian.net.key  /usr/local/nginx/conf/

7、重啟nginx

# service nginx restartStopping nginx:                                            [  OK  ]Starting nginx:                                            [  OK  ]