wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh
编辑下配置文件:
vim letsencrypt.conf
ACCOUNT_KEY="letsencrypt-account.key" DOMAIN_KEY="域名.key" DOMAIN_DIR="网站文件夹" DOMAINS="DNS:域名,DNS:域名" #ECC=TRUE #LIGHTTPD=TRUE
运行:
./letsencrypt.sh letsencrypt.conf
运行后会生成很多文件
其中:
www.chained.crt 域名.key
这两个是要的
nginx配置:
user www; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name 域名;
#实现自动重写 rewrite ^(.*)$ https://$host$1 permanent; } # HTTPS server server { listen 443 ssl; server_name 域名; #charset: utf-8; ssl_certificate /home/wwwroot/www.chained.crt; ssl_certificate_key /home/wwwroot/域名.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; location / { root 网站文件夹; index index.html index.htm index.php; } location ~ .php$ { fastcgi_buffer_size 128k; fastcgi_buffers 32 32k; root 网站文件夹; fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; #include fastcgi.conf; fastcgi_param DOCUMENT_ROOT 网站文件夹; fastcgi_param SCRIPT_FILENAME 网站文件夹$fastcgi_script_name; include fastcgi_params; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }