let's encrypt免费证书 + nginx配置

执行命令

export WEBROOT=/var/www/html
export DOMAIN=lleg.gl6.cc
export EMAIL=kerwin@qq.com
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
chmod +x letsencrypt-auto
./letsencrypt-auto certonly -a webroot --webroot-path=$WEBROOT --email $EMAIL -d $DOMAIN -d $DOMAIN

成功后提示

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/lleg.gl6.cc/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/lleg.gl6.cc/privkey.pem
   Your cert will expire on 2018-06-21. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

配置nginx

server  
    {  
        listen 80;
        server_name lleg.gl6.cc;
        return  301 https://$server_name$request_uri;  #非 http 跳转到 https
    }
server
    {
        listen 443 ssl;
        ssl on;
        #Nginx 所需要 ssl_certificate 文件
        ssl_certificate /etc/letsencrypt/live/lleg.gl6.cc/fullchain.pem;  
        #安全证书 KEY 文件; 
        ssl_certificate_key /etc/letsencrypt/live/lleg.gl6.cc/privkey.pem;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

        server_name lleg.gl6.cc;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /var/www/html;
}

docker 镜象 docker pull linuxserver/letsencrypt 70多M的一个镜象,还没有试用 过

推荐阅读更多精彩内容