轉發自小衆軟件這片文章: http://www.appinn.com/use-letsencrypt-with-nginx/php
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
server { listen 80; server_name www.test.com; root html; return 301 https://$host$request_uri; location / { index index.html index.php; } } server { listen 443 ssl; server_name www.test.com; ssl on; ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; location ~ /.well-known { allow all; } }
cp /opt/letsencrypt/examples/cli.ini /usr/local/etc/le-renew-webroot.in 編輯該文件: rsa-key-size = 4096 email = you@example.com domains = www.test.com webroot-path = /usr/share/nginx/html //這個路徑以後腳本會用到
curl -L -o /usr/local/sbin/le-renew-webroot https://gist.githubusercontent.com/thisismitch/e1b603165523df66d5cc/raw/fbffbf358e96110d5566f13677d9bd5f4f65794c/le-renew-webroot chmod +x /usr/local/sbin/le-renew-webroot
腳本會先檢測證書日期,若是沒到期不會去服務端申請延期。
html