Feb 6, 2016

Debian + Nginx 配置 Let’s Encrypt

Let’s Encrypt 部署过程

Debian 安装 Let’s Encrypt (OUT)

apt update
apt install letsencrypt
letsencrypt --duplicate certonly --standalone --email [email protected] -d simonsmh.cc -d blog.simonsmh.cc -d tieba.simonsmh.cc

Debian 安装 acme.sh

见官方说明

curl  https://get.acme.sh | sh
acme.sh --issue -d simonsmh.cc -d app.simonsmh.ccc-d url.simonsmh.cc -d tieba.simonsmh.cc --dns dns_cf --installcert --fullchain-file /etc/nginx/ssl/simonsmh.cc/fullchain.cer --key-file /etc/nginx/ssl/simonsmh.cc/privkey.key --reloadcmd "service nginx force-reload"

nginx 需要的证书位置

#certificate
/etc/letsencrypt/live/simonsmh.tk/fullchain.pem
#privatekey
/etc/letsencrypt/live/simonsmh.tk/privkey.pem

nginx配置示例

listen 443;
...
ssl on;
ssl_certificate /etc/letsencrypt/live/simonsmh.tk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/simonsmh.tk/privkey.pem;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
ssl_session_cache builtin:1000 shared:SSL:10m;
...

相关推荐

Linux

114 字

2016-02-06 17:46 +0000

comments powered by Disqus