letsencrypt recommend that most people with shell access use the Certbot ACME client.
It can automate certificate issuance and installation with no downtime.
It also has expert modes for people who don¡¯t want autoconfiguration.
It¡¯s easy to use, works on many operating systems, and has great documentation.

This is a simple example to use certbot + nginx, for more information -> https://letsencrypt.org/docs/

1 install certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

2 install certificates
(a) standalone
./certbot-auto certonly --standalone -d www.system-in-motion.com
(b)webroot
./certbot-auto certonly --webroot -w /var/www/system-in-motion -d system-in-motion.com -d www.system-in-motion.com

3 nginx conf
(1)rewrite
You can include multiple rewrite directives in both the server and location contexts.
NGINX Plus executes the directives one-by-one in the order they occur.
The rewrite directives in a server context are executed once when that context is selected.
After NGINX processes a set of rewriting instructions, it selects a location context according to the new URI.
If the selected location contains rewrite directives, they are executed in turn.
If the URI matches any of those, a search for the new location starts after all defined rewrite directives are processed.
(2)ssl_certificate
https://www.nginx.com/blog/nginx-ssl/

server {
listen 80;

server_name www.system-in-motion.com;
root [location context];

rewrite ^(.*)$ https://$server_name$1 permanent;
access_log /var/log/nginx/host.http2https.access.log
main;

}

}

server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.system-in-motion.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.system-in-motion.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

server_name www.system-in-motion.com;
root [location context];

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}

}

4 automating renewal(use crontab)
Certbot can be configured to renew your certificates automatically before they expire.
Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature¡£

crontab -e
0 0 */28 * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start"

Lets encrypt安装及配置的更多相关文章

  1. nginx安装Lets Encrypt SSL免费HTTPS加密证书

    Linux Nginx网站:Certbot安装配置Lets Encrypt SSL免费HTTPS加密证书 原文地址:https://renwole.com/archives/157 实验环境:Cent ...

  2. Let's Encrypt 安装配置教程,免费的 SSL 证书

    官网:https://letsencrypt.org/ 安装Let's Encrypt 安装非常简单直接克隆就可以了 git clone https://github.com/letsencrypt/ ...

  3. Nginx + Lets'encrypt 实现HTTPS访问七牛空间资源

    上一篇文章 为七牛云存储空间绑定自定义域名,并使用七牛云提供的免费SSL证书,将自定义加名升级为HTTPS 我们提到利用七牛的免费SSL证书,将自定义加名升级为HTTPS的方法. 不知道有没有小伙伴会 ...

  4. CentOS 6.3下Samba服务器的安装与配置方法(图文详解)

    这篇文章主要介绍了CentOS 6.3下Samba服务器的安装与配置方法(图文详解),需要的朋友可以参考下   一.简介  Samba是一个能让Linux系统应用Microsoft网络通讯协议的软件, ...

  5. Chapter 2. OpenSSL的安装和配置学习笔记

    Chapter 2. OpenSSL的安装和配置学习笔记 2.1 在linux上面安装OpenSSL我还是做点No paper事情比较在行,正好和老师的课程接轨一下.以前尝试过在Windows上面安装 ...

  6. CentOS 6.3下Samba服务器的安装与配置(转)

    CentOS 6.3下Samba服务器的安装与配置   一.简介 Samba是一个能让Linux系统应用Microsoft网络通讯协议的软件,而SMB是Server Message Block的缩写, ...

  7. CentOS下Samba文件服务器的安装与配置

    CentOS下Samba文件服务器的安装与配置 http://blog.csdn.net/limingzhong198/article/details/22064801 一.安装配置 1. 安装sam ...

  8. CentOS 7下Samba服务器的安装与配置

    文基于<CentOS 6.3下Samba服务器的安装与配置>,参照原博文,自己在CentOS7环境上实现,并按照自己的环境修改博文内容 一.简介 Samba是一个能让Linux系统应用Mi ...

  9. MySQL8.0.12 安装及配置、读写分离,主从复制

    一.安装 1.从网上下载MySQL8.0.12版本,下载地址:https://dev.mysql.com/downloads/mysql/ 2. 下载完成后解压 我解压的路径是:D:\Java\mys ...

随机推荐

  1. JavaWeb学习 (十八)————JSP标签

    一.JSP标签介绍 JSP标签也称之为Jsp Action(JSP动作)元素,它用于在Jsp页面中提供业务逻辑功能,避免在JSP页面中直接编写java代码,造成jsp页面难以维护. 二.JSP常用标签 ...

  2. [Luogu 3613] 睡觉困难综合征

    Description 给定一棵 \(n\) 个点的树,每个点上有位运算 \(opt\) 和一个权值 \(x\),位运算有 &,|,^ 三种. 要求支持: 修改点 \(v\) 的 \(opt\ ...

  3. 数据分析之pandas模块

    一.Series 类似于一位数组的对象,第一个参数为数据,第二个参数为索引(索引可以不指定,就默认用隐式索引) Series(data=np.random.randint(1,50,(10,))) S ...

  4. 5步搭建GO环境

    Easy Go Programming Setup for Windows Dec 23, 2014 I’ve had to do this more than once recently, so I ...

  5. jQuery 【选择器】【动画】

    jQuery 是一个快速.简洁的JavaScript框架,它封装JavaScript常用的功能代码,提供一种简便的JavaScript设计模式,优化HTML文档操作.事件处理.动画设计和Ajax交互. ...

  6. IdentityServer4-客户端定义-翻译

    客户端定义(Defining Client) 客户端可以从你的IDS服务器请求tokens. 通常,客户端需要遵循下面的通用设置: 一个唯一的Client ID 如果需要还可以提供密码 允许与toke ...

  7. 【RabbitMQ】7、RabbitMQ主备复制是异步还是同步?

    转自:https://yq.aliyun.com/articles/73040?spm=5176.100240.searchblog.116.RcXYdl 我们知道RabbitMQ可以配置成Queue ...

  8. 前端面试(原生js篇) - 精确运算

    一.面试题 问:开发的时候有用到过 Math 吗? 答:很多啊.比如生成 GUID 的时候,就会用到 Math.random() 来生成随机数. 问:别的呢?比如向下取整.向上取整? 答:向下取整是  ...

  9. polyfill-eventsource added missing EventSource to window ie浏览器 解决方案

    今天遇到一个 ie浏览器显示空白,报错内容是: polyfill-eventsource added missing EventSource to window的问题, import 'babel-p ...

  10. 原生JS强大DOM选择器querySelector与querySelectorAll

    在传统的 JavaScript 开发中,查找 DOM 往往是开发人员遇到的第一个头疼的问题,原生的 JavaScript 所提供的 DOM 选择方法并不多,仅仅局限于通过 tag, name, id ...