letsencrypt recommend that most people with shell access use the Certbot ACME client.
It can automate certificate issuance and installation with no downtime.
It also has expert modes for people who don¡¯t want autoconfiguration.
It¡¯s easy to use, works on many operating systems, and has great documentation.

This is a simple example to use certbot + nginx, for more information -> https://letsencrypt.org/docs/

1 install certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

2 install certificates
(a) standalone
./certbot-auto certonly --standalone -d www.system-in-motion.com
(b)webroot
./certbot-auto certonly --webroot -w /var/www/system-in-motion -d system-in-motion.com -d www.system-in-motion.com

3 nginx conf
(1)rewrite
You can include multiple rewrite directives in both the server and location contexts.
NGINX Plus executes the directives one-by-one in the order they occur.
The rewrite directives in a server context are executed once when that context is selected.
After NGINX processes a set of rewriting instructions, it selects a location context according to the new URI.
If the selected location contains rewrite directives, they are executed in turn.
If the URI matches any of those, a search for the new location starts after all defined rewrite directives are processed.
(2)ssl_certificate
https://www.nginx.com/blog/nginx-ssl/

server {
listen 80;

server_name www.system-in-motion.com;
root [location context];

rewrite ^(.*)$ https://$server_name$1 permanent;
access_log /var/log/nginx/host.http2https.access.log
main;

}

}

server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.system-in-motion.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.system-in-motion.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

server_name www.system-in-motion.com;
root [location context];

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}

}

4 automating renewal(use crontab)
Certbot can be configured to renew your certificates automatically before they expire.
Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature¡£

crontab -e
0 0 */28 * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start"

Lets encrypt安装及配置的更多相关文章

  1. nginx安装Lets Encrypt SSL免费HTTPS加密证书

    Linux Nginx网站:Certbot安装配置Lets Encrypt SSL免费HTTPS加密证书 原文地址:https://renwole.com/archives/157 实验环境:Cent ...

  2. Let's Encrypt 安装配置教程,免费的 SSL 证书

    官网:https://letsencrypt.org/ 安装Let's Encrypt 安装非常简单直接克隆就可以了 git clone https://github.com/letsencrypt/ ...

  3. Nginx + Lets'encrypt 实现HTTPS访问七牛空间资源

    上一篇文章 为七牛云存储空间绑定自定义域名,并使用七牛云提供的免费SSL证书,将自定义加名升级为HTTPS 我们提到利用七牛的免费SSL证书,将自定义加名升级为HTTPS的方法. 不知道有没有小伙伴会 ...

  4. CentOS 6.3下Samba服务器的安装与配置方法(图文详解)

    这篇文章主要介绍了CentOS 6.3下Samba服务器的安装与配置方法(图文详解),需要的朋友可以参考下   一.简介  Samba是一个能让Linux系统应用Microsoft网络通讯协议的软件, ...

  5. Chapter 2. OpenSSL的安装和配置学习笔记

    Chapter 2. OpenSSL的安装和配置学习笔记 2.1 在linux上面安装OpenSSL我还是做点No paper事情比较在行,正好和老师的课程接轨一下.以前尝试过在Windows上面安装 ...

  6. CentOS 6.3下Samba服务器的安装与配置(转)

    CentOS 6.3下Samba服务器的安装与配置   一.简介 Samba是一个能让Linux系统应用Microsoft网络通讯协议的软件,而SMB是Server Message Block的缩写, ...

  7. CentOS下Samba文件服务器的安装与配置

    CentOS下Samba文件服务器的安装与配置 http://blog.csdn.net/limingzhong198/article/details/22064801 一.安装配置 1. 安装sam ...

  8. CentOS 7下Samba服务器的安装与配置

    文基于<CentOS 6.3下Samba服务器的安装与配置>,参照原博文,自己在CentOS7环境上实现,并按照自己的环境修改博文内容 一.简介 Samba是一个能让Linux系统应用Mi ...

  9. MySQL8.0.12 安装及配置、读写分离,主从复制

    一.安装 1.从网上下载MySQL8.0.12版本,下载地址:https://dev.mysql.com/downloads/mysql/ 2. 下载完成后解压 我解压的路径是:D:\Java\mys ...

随机推荐

  1. 【杂谈】线程中断——Interrupt

    前言 以前有一个错误的认识,以为中断操作都会抛出异常,后来才发现并不是这样,所以今天就来做一个关于中断的总结. 如何关闭线程 已被弃用的Stop方法 早期,Thread类中有一个stop方法,用于强行 ...

  2. Guava初识

    1. 是什么 开源Java库,提供了用于集合,缓存,支持原语,并发性,常见注解,字符串处理,I/O和验证的实用方法 2. 开发它的最初目的是什么? 方便编码,减少编码错误 3. 好处 标准化 - Gu ...

  3. .net Framework 源代码 · ScrollViewer

    本文是分析 .net Framework 源代码的系列,主要告诉大家微软做 ScrollViewer 的思路,分析很简单 看完本文,可以学会如何写一个 ScrollViewer ,如何定义一个 ISc ...

  4. Windows Server 2008 R2 如何关闭防火墙

    1.    打开 [控制面板],选择 - [检查防火墙状态] 2.    Windows防火墙窗口界面,选择 – [高级设置] 3.    选择– [windows防火墙属性] 4.在[域配置文件], ...

  5. 【Tomcat】Tomcat日志切割

    下载并解压缩 cronolog # tar zxvf cronolog-1.6.2.tar.gz 2.进入cronolog安装文件所在目录 # cd cronolog-1.6.2 3.运行安装  # ...

  6. 汇编语言--微机CPU的指令系统(五)(数据传送指令)

    五.微机CPU的指令系统 1.汇编语言指令格式 汇编语言的指令格式如下: 指令助忆符 [操作数1 [, 操作数2 [, 操作数3]]] [;注释] 指令助忆符体现该指令的功能,它对应一条二进制编码的机 ...

  7. lfs(systemd版本)学习笔记-第3页

    我的邮箱地址:zytrenren@163.com欢迎大家交流学习纠错! lfs(systemd)学习笔记-第2页 的地址:https://www.cnblogs.com/renren-study-no ...

  8. Docker 容器备份例子

    # 在 node1 执行 nginx 程序,挂载本地的目录 docker pull nginx:stable-alpine mkdir /data/html echo "hello worl ...

  9. 【读书笔记】iOS-iOS的持续集成

    一,Jenkins http://jenkins-ci.org 二,iOS单元测试的持续集成 在Xcode进入OCUnit作为单元测试框架前,把单元测试分为两种:Logic Test和Applicat ...

  10. React 入门学习笔记整理(一)——搭建环境

    使用create-react-app脚手架搭建环境 1.安装node .软件下载地址:https://nodejs.org/en/,我下的推荐的版本. 安装之后测试是否安装成功.windows系统下, ...