certbot+nginx (仅用作个人纪录)

https://certbot.eff.org/#centos6-nginx

https://github.com/kshcherban/acme-nginx

server {
listen 80;

server_name stm.newlook.cn;
root /home/newlook/stm/runtime;

rewrite ^(.*)$ https://$server_name$1 permanent;
access_log /var/log/nginx/host.http2https.access.log
main;

#proxy_cache one;

# location / {
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://127.0.0.1:8080/;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
#}

}

server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/stm.newlook.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stm.newlook.cn/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

server_name stm.newlook.cn;
root /home/newlook/stm/runtime;

#proxy_cache one;

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

}
history | grep certbot
250 wget https://dl.eff.org/certbot-auto --no-check-certificate
252 yum install certbot
253 certbot certonly
0 0 */28 * * certbot renew --dry-run --pre-hook "service nginx stop" --post-hook "service nginx start"

./certbot-auto certonly --standalone -d puma-iob-staging.system-in-motion.com
crontab -e

0 0 */28 * * ./certbot-auto renew --dry-run --pre-hook "service nginx stop" --post-hook "service nginx start"

puma-iob-staging.system-in-motion.com