一、安裝php
./certbot-auto certonly --webroot -w /usr/local/nignx/html -d www.xxxx.com
二、nginx配置css
server { listen 443 ssl; server_name www.xxx.com; index index.php; root /data/www/public; ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.xxx.com/chain.pem; location / { if (!-e $request_filename) { rewrite ^(.*)$ /index.php/$1 last; break; } } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /\.htaccess { deny all; } access_log /var/log/nginx/www.xxx.com.log; location ~ \.php { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_connect_timeout 180; fastcgi_read_timeout 600; fastcgi_send_timeout 600; fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
三、Apache配置html
打開ssl模塊,沒有這個模塊就須要安裝依賴包:mod_ssl,安裝後就會在modules裏面找到:nginx
LoadModule ssl_module modules/mod_ssl.so
引入ssl配置文件,增長支持ssl:web
Include conf/extra/httpd-ssl.conf(去掉行首的註釋)
<VirtualHost *:80> Options FollowSymLinks ServerName xxx.org.cn DocumentRoot /www1/xxx ServerAlias www.xxx.cn xxx.cn ErrorLog logs/error_log CustomLog logs/access_log common RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R] </VirtualHost> <VirtualHost *:443> Options FollowSymLinks ServerName xxx.cn DocumentRoot /www1/xxx ServerAlias www.xxx.cn xxx.cn ErrorLog logs/ssl-error_log CustomLog logs/ssl-access_log common SSLEngine on SSLCertificateFile /etc/letsencrypt/live/www.xxx.cn/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.xxx.cn/privkey.pem </VirtualHost>
四、自動續期apache
crontab -ebash
30 3 25 3,6,9,12 * /opt/certbot-auto renew >>/var/log/certbot-renew.log 2>&1 50 3 25 3,6,9,12 * /etc/init.d/nginx reload #或者50 3 25 3,6,9,12 * service httpd reload