Let's Encrypt is a free and easy-to-use certificate, no need to talk nonsense.
Assume that my domain name is: 163.org
1. Clone code
git clone https://github.com/letsencrypt/letsencrypt # 没有git的先安装git
# yum install git
# apt-get install git
Copy after login
2. Install
cd letsencrypt
./letsencrypt-auto certonly --standalone --email admin@163.org -d 163.org -d www.163.org
命令解析
--standalone 需要手动关闭占用443端口的程序,此命令会占用443端口进行验证
--email admin@163.org 填写您的Email
-d 163.org 需要使用ssl的域名(必须是当前主机绑定的地址,否则验证失败。)
Copy after login
3. Configuration
After completing the generation of Let's Encrypt certificate, we will " /etc/letsencrypt/live/163.org/"There are 4 files in the domain name directory, which are the generated key certificate files.
cert.pem - Apache server-side certificate
chain.pem - Apache root certificate and relay certificate
fullchain.pem - required by Nginx ssl_certificate file
privkey.pem - Security certificate KEY file
If we use the Nginx environment, we need to use two certificates, fullchain.pem and privkey.pem File
<span style="color: #ff6600"># nginx.conf 配置文件中加入生成的证书<br></span>
Copy after login
server {
server_name 163.org;
listen 443 ;
ssl on;
ssl_certificate /etc/letsencrypt/live/163.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/163.org/privkey.pem;
}
ps: In the Nginx environment, just set the corresponding ssl_certificate and ssl_certificate_key paths to the corresponding file paths.
Do not move or copy the file, because the certificate will be generated in this file during renewal.
4. Let's Encrypt free SSL certificate validity period
Let's Encrypt certificate is valid for 90 days and needs to be updated and renewed manually.
* * * * 1 /var/www/letsencrypt/letsencrypt-auto renew
Copy after login
Add this command to the scheduled task to automatically renew.
The above is the detailed content of Detailed explanation of a free and easy-to-use certificate from Let's Encrypt. For more information, please follow other related articles on the PHP Chinese website!