


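certbot works with nginx to automate configuring and renewing SSL certificates.
Environment: Ubuntu 20.04, 2 cores, 4 GB RAM. Package version: gitlab-ce_13.8.4 arm64. File system: Linux ext4
Preparation before installation
Download and install
Configure nginx
Generate the certificate with certbot
Errors you may encounter
Check the new nginx configuration
References
Using the Windows version
Confirm that nginx is already installed on this machine and was compiled with the SSL module (--with-http_ssl_module).
You already have a domain name, and its DNS resolves to this machine.
The firewall allows the HTTP and HTTPS ports you want to configure; 80 and 443 are used here as examples.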
sudo apt-get update
sudo apt-get install -y certbot python3-certbot-nginx
First configure a plain HTTP version yourself, for example:
server {
    listen 80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;
}
Reload nginx:
nginx -t && nginx -s reload
Then test access to http://example.com
sudo certbot --nginx -d example.com -d www.example.com
Could not find a usable 'nginx' binary
nginx cannot be found because it is not on the PATH. Create symlinks for nginx (-b keeps a backup of any existing destination file):
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
ln -sb /usr/local/nginx/conf/nginx.conf /etc/nginx/nginx.conf
Nginx build is missing SSL module (--with-http_ssl_module).
nginx is missing the module; recompile nginx:
cd /opt/software/nginx-1.18.0
./configure --with-http_ssl_module
make && make install
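As an added example (not part of the original post), the following script checks for the two failures listed above before running certbot: nginx missing from the PATH and a build without --with-http_ssl_module, plus the /etc/nginx/nginx.conf path the page links to. The function names are hypothetical and the sample `nginx -V` outputs are constructed.

```shell
#!/bin/sh
# Added example: preflight for the two certbot errors above.
# Function names are hypothetical; sample outputs are constructed.

# True if the given `nginx -V` text lists the SSL module.
has_ssl_module() {
    printf '%s\n' "$1" | grep -q -- '--with-http_ssl_module'
}

# $1 nginx binary path ("" if not on PATH), $2 `nginx -V` text,
# $3 "yes" if /etc/nginx/nginx.conf exists. Prints a verdict.
preflight_verdict() {
    if [ -z "$1" ]; then
        echo "missing-binary"        # "Could not find a usable 'nginx' binary"
    elif [ "$3" != "yes" ]; then
        echo "missing-config"        # second symlink from the page not in place
    elif ! has_ssl_module "$2"; then
        echo "missing-ssl-module"    # rebuild with --with-http_ssl_module
    else
        echo "ok"
    fi
}

# Constructed `nginx -V` outputs (nginx writes them to stderr).
SAMPLE_NO_SSL='nginx version: nginx/1.18.0
configure arguments: --prefix=/usr/local/nginx'
SAMPLE_SSL='nginx version: nginx/1.18.0
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module'

# Gather the real values on this host and print the verdict.
run_preflight() {
    bin=$(command -v nginx || true)
    out=""
    conf="no"
    if [ -n "$bin" ]; then out=$("$bin" -V 2>&1 || true); fi
    if [ -e /etc/nginx/nginx.conf ]; then conf="yes"; fi
    preflight_verdict "$bin" "$out" "$conf"
}

run_preflight
```

Run `sudo certbot --nginx ...` only when the script prints ok; any other verdict names the fix from the list above that still has to be applied.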
You get the following output:
Congratulations! You have successfully enabled https://example.com and https://www.example.com
-------------------------------------------------------------------------------------
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com//privkey.pem
Your cert will expire on 2017-12-12.
Test access to https://example.com
It should look something like this:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
Just follow these two documents to configure it.
Run:
certbot certonly --webroot