Encrypting an Nginx site with Let's Encrypt

Author: bluse wang. Date: 2017-01-12

Use certbot to manage the certificates.

Install it on FreeBSD:

sudo pkg install certbot

Obtain a certificate:

certbot certonly --webroot -w /var/www/example -d example.com

When it finishes, the certificate files are in this directory:

/usr/local/etc/letsencrypt/live/example.com/

Configure the Nginx virtual host:

server {
    # Plain HTTP; this root is also the webroot certbot uses for the challenge.
    listen 80;
    server_name example.com;
    root /var/www/example;
    add_header Cache-Control no-store;
}
server {
    # "listen ... ssl" enables TLS; the separate "ssl on;" directive is
    # deprecated and was removed in nginx 1.25.1.
    listen 443 ssl;
    server_name example.com;
    root /var/www/example;
    ssl_certificate /usr/local/etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/example.com/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+
    # built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
}

OK, all done! Finally:

sudo nginx -t
sudo nginx -s reload
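
An added example, not part of the original post: a small lint to run on a vhost file before the reload. It flags legacy protocol versions in ssl_protocols, the deprecated "ssl on;" directive, and an ssl_certificate that points at certbot's cert.pem (leaf only) instead of fullchain.pem. The function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an nginx vhost file for
# risky TLS settings. Prints one finding per line; returns 1 if anything
# was flagged and 0 if the file is clean.
audit_tls_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }   # drop comments and semicolons
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i == "SSLv2" || $i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1") {
                printf "line %d: legacy protocol %s enabled\n", NR, $i
                bad++
            }
    }
    $1 == "ssl" && $2 == "on" {
        printf "line %d: deprecated \"ssl on\", use \"listen 443 ssl\"\n", NR
        bad++
    }
    # certbot live/<name>/cert.pem holds only the leaf certificate
    $1 == "ssl_certificate" && $2 ~ "/live/[^/]+/cert[.]pem$" {
        printf "line %d: cert.pem lacks the intermediate, use fullchain.pem\n", NR
        bad++
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample input: a vhost that trips all three checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    server_name example.com;
    ssl on;
    ssl_certificate /usr/local/etc/letsencrypt/live/example.com/cert.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
audit_tls_conf "$sample" || echo "fix the findings above before reloading nginx"
rm -f "$sample"
```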