Let's Encrypt recommends that most people with shell access use the Certbot ACME client.
It can automate certificate issuance and installation with no downtime.
It also has expert modes for people who don't want autoconfiguration.
It's easy to use, works on many operating systems, and has great documentation.

This is a simple example of using certbot with nginx. For more information, see https://letsencrypt.org/docs/

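1 install certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Note: EFF has since deprecated the certbot-auto script; on current systems install Certbot from the distribution's packages or as a snap instead.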

2 install certificates
(a) standalone
./certbot-auto certonly --standalone -d www.system-in-motion.com
(b) webroot
./certbot-auto certonly --webroot -w /var/www/system-in-motion -d system-in-motion.com -d www.system-in-motion.com

3 nginx conf
(1) rewrite
You can include multiple rewrite directives in both the server and location contexts.
NGINX Plus executes the directives one-by-one in the order they occur.
The rewrite directives in a server context are executed once when that context is selected.
After NGINX processes a set of rewriting instructions, it selects a location context according to the new URI.
If the selected location contains rewrite directives, they are executed in turn.
If the URI matches any of those, a search for the new location starts after all defined rewrite directives are processed.
(2) ssl_certificate
https://www.nginx.com/blog/nginx-ssl/

server {
    listen 80;

    server_name www.system-in-motion.com;
    root [location context];

    # Redirect every plain-HTTP request to the HTTPS server block
    rewrite ^(.*)$ https://$server_name$1 permanent;
    access_log /var/log/nginx/host.http2https.access.log main;
}

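server {
    # TLS is enabled by the ssl parameter on listen
    # (the old "ssl on;" directive is obsolete since nginx 1.15.0)
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/www.system-in-motion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.system-in-motion.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996);
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;

    server_name www.system-in-motion.com;
    root [location context];

    location / {
        # Pass the original host and client address on to the backend
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/;
    }
}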

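4 automating renewal (use crontab)
Certbot can be configured to renew your certificates automatically before they expire.
Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature.
cron starts each job in the user's home directory, so the relative ./certbot-auto in the entry below only resolves if the script was downloaded there; otherwise give its absolute path.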

crontab -e
0 0 */28 * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start"
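
The following is an added example, not part of the original post: it replays the `*/28` day-of-month schedule above against the 90-day certificate lifetime to show how many renewal attempts actually land before expiry. It assumes certbot's default of renewing only when fewer than 30 days remain; the issue dates and the injected failure are constructed.

```python
from datetime import date, timedelta

LIFETIME = timedelta(days=90)   # Let's Encrypt certificate lifetime (from the text)
RENEW_WINDOW_DAYS = 30          # assumption: certbot renews only when < 30 days remain

def cron_fires(day, step=28):
    """Day-of-month field '*/28' expands to 1-31/28, i.e. the 1st and the 29th."""
    return (day.day - 1) % step == 0

def simulate(issued, days=180, fail_first=0):
    """Replay the crontab entry day by day from the issue date.

    fail_first: how many of the first due renewals fail (constructed fault,
    e.g. the ACME challenge cannot be answered).
    Returns (attempts, expired_on); attempts holds (run_date, days_left, ok).
    """
    expires = issued + LIFETIME
    attempts, expired_on = [], None
    for n in range(days):
        today = issued + timedelta(days=n)
        left = (expires - today).days
        if left <= 0 and expired_on is None:
            expired_on = today              # first day clients see an expired cert
        if not cron_fires(today) or left >= RENEW_WINDOW_DAYS:
            continue                        # no cron run, or "not yet due for renewal"
        ok = fail_first <= 0
        fail_first -= 1
        attempts.append((today, left, ok))
        if ok:
            expires = today + LIFETIME
    return attempts, expired_on

if __name__ == "__main__":
    # Constructed issue dates: one where the 29th/1st pair gives a quick retry,
    # one where the only run inside the renewal window is the 1st.
    for issued in (date(2023, 1, 10), date(2023, 1, 28)):
        attempts, expired_on = simulate(issued, fail_first=1)
        print("issued", issued, "expired on", expired_on)
        for run, left, ok in attempts:
            print("  ", run, f"{left:3d} days left", "renewed" if ok else "FAILED")
```

With the second issue date a single failed run lets the certificate expire before cron tries again. Certbot's documentation recommends scheduling `renew` much more often (twice a day), since it does nothing until a certificate is due.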
