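# Installing and Using certbot

**Published by:** [Mongo](https://paragraph.com/@mongo/)
**Published on:** 2021-11-06
**URL:** https://paragraph.com/@mongo/certbot

## Content

certbot works with nginx to automate configuring and renewing SSL certificates.

- Environment: Ubuntu 20.04, 2 cores, 4 GB RAM
- Package version: gitlab-ce_13.8.4 arm64
- File system: Linux ext4

Contents:

- Before you install
- Download and install
- Configure nginx
- Generate the certificate with certbot
- Possible errors
- Check the new nginx configuration
- References
- Using the Windows version

### Before you install

- Confirm that nginx is already installed on this machine and was compiled with the SSL module (`--with-http_ssl_module`).
- You already have a domain name, and its DNS records resolve to this machine.
- The firewall allows the HTTP and HTTPS ports you want to configure; ports 80 and 443 are used here as the example.

### Download and install

```bash
sudo apt-get update
sudo apt-get install -y certbot python3-certbot-nginx
```

### Configure nginx

First configure a plain HTTP version yourself, for example:

```nginx
server {
    listen 80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;
}
```

Restart nginx:

```bash
nginx -t && nginx -s reload
```

Test access to http://example.com.

### Generate the certificate with certbot

```bash
sudo certbot --nginx -d example.com -d www.example.com
```

### Possible errors

**Could not find a usable 'nginx' binary**

certbot cannot find nginx because the nginx binary is not on the PATH. Create symbolic links for nginx:

```bash
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
# -s creates a symbolic link; -b backs up any existing /etc/nginx/nginx.conf first
ln -sb /usr/local/nginx/conf/nginx.conf /etc/nginx/nginx.conf
```

**Nginx build is missing SSL module (--with-http_ssl_module).**

nginx is missing the module; recompile nginx:

```bash
cd /opt/software/nginx-1.18.0
./configure --with-http_ssl_module
make && make install
```

The resulting output:

```
Congratulations! You have successfully enabled https://example.com and https://www.example.com
-------------------------------------------------------------------------------------
IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com//privkey.pem
Your cert will expire on 2017-12-12.
```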
Test access to https://example.com.

### Check the new nginx configuration

It should look similar to this:

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;

    listen 443 ssl; # managed by Certbot

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
```

### References

- Using Let's Encrypt with NGINX
- Free HTTPS certificates for nginx (certbot)

### Using the Windows version

Follow these two documents to configure it:

- Official documentation
- Domain validation methods

Then run:

```bash
certbot certonly --webroot
```
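
The two certbot errors described under "Possible errors" (nginx binary not found, SSL module missing) can be detected before running `certbot --nginx`. The preflight script below is an added example, not part of the original post: the function names and exit codes are its own, the `nginx -V` samples are constructed, and `/usr/local/nginx/sbin/nginx` is the source-install path taken from this page.

```shell
#!/bin/sh
# Preflight for `certbot --nginx` (added example; names and exit codes are its own).

SRC_NGINX=/usr/local/nginx/sbin/nginx   # source-install path used on this page

# Constructed `nginx -V` samples, not captured from a real host.
SAMPLE_OK='nginx version: nginx/1.18.0
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module'
SAMPLE_BAD='nginx version: nginx/1.18.0
configure arguments: --prefix=/usr/local/nginx'

# Succeeds when the `nginx -V` text in $1 lists the SSL module.
has_ssl_module() {
    case "$1" in
        *--with-http_ssl_module*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_nginx [binary]: 0 = ready, 2 = binary not found, 3 = SSL module missing.
check_nginx() {
    cn_bin="${1:-nginx}"
    if ! command -v "$cn_bin" >/dev/null 2>&1; then
        echo "FAIL: '$cn_bin' not found (certbot: Could not find a usable 'nginx' binary)"
        if [ -x "$SRC_NGINX" ]; then
            echo "  fix: ln -s $SRC_NGINX /usr/bin/nginx"
        fi
        return 2
    fi
    # nginx -V writes its build information to stderr, so merge it into stdout.
    cn_info=$("$cn_bin" -V 2>&1) || true
    if ! has_ssl_module "$cn_info"; then
        echo "FAIL: nginx build is missing --with-http_ssl_module; rebuild with ./configure --with-http_ssl_module"
        return 3
    fi
    echo "OK: '$cn_bin' is on PATH and has the SSL module"
}

# Demo on the constructed samples, then on whatever nginx this host has.
for sample in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if has_ssl_module "$sample"; then echo "sample: SSL module present"
    else echo "sample: SSL module missing"; fi
done
check_nginx nginx || echo "preflight exit code: $?"
```
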