Installing a free Let's Encrypt SSL certificate for Nginx on FreeBSD

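Stop nginx first: --standalone starts its own temporary web server for domain validation and needs the port nginx is listening on.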

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --standalone --email evan886@gmail.com -d linuxchina.net -d www.linuxchina.net --debug

root@freebsdsfo2-01:/data/www/ssl/letsencrypt # ./letsencrypt-auto certonly --standalone --email evan886@gmail.com -d linuxchina.net -d www.linuxchina.net --debug

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/linuxchina.net/fullchain.pem. Your cert will
   expire on 2016-12-11. To obtain a new or tweaked version of this
   certificate in the future, simply run letsencrypt-auto again. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

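3. Obtaining and using the free Let's Encrypt SSL certificate
Once the Let's Encrypt certificate has been generated, the domain directory "/etc/letsencrypt/live/yourdomain/" contains 4 files, which are the generated key and certificate files.
cert.pem - server certificate for Apache
chain.pem - root and intermediate certificates for Apache
fullchain.pem - the ssl_certificate file Nginx needs
privkey.pem - the certificate's private KEY file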

ssl_certificate /etc/letsencrypt/live/linuxchina.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/linuxchina.net/privkey.pem;

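# Automatic renewal. Certificates are valid for 90 days and cron has no "every 90 days" field
# ("* * */90 * *" would run every minute on the 1st of each month), so run at 03:00 on the 1st of every second month.
0 3 1 */2 * /data/mon/autossl
# Contents of /data/mon/autossl:
#!/bin/sh
/data/www/ssl/letsencrypt/letsencrypt-auto certonly --renew-by-default --email evan886@gmail.com -d linuxchina.net -d www.linuxchina.net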
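
An added example, not from the original post: a version of the renewal script that checks the expiry date with openssl and only stops nginx for a --standalone renewal when the certificate is close to expiring, so cron can run it often without forcing a new certificate each time. The 30-day threshold, the --run argument and managing nginx through service(8) are assumptions.

```sh
#!/bin/sh
# Added example (not the original author's script). Assumptions: the 30-day
# threshold, the --run argument, and nginx being managed via service(8).
CERT="${CERT:-/etc/letsencrypt/live/linuxchina.net/fullchain.pem}"
LE_AUTO="${LE_AUTO:-/data/www/ssl/letsencrypt/letsencrypt-auto}"
RENEW_DAYS="${RENEW_DAYS:-30}"

# Succeeds (returns 0) when the certificate is missing or expires within
# RENEW_DAYS. "openssl x509 -checkend N" exits non-zero if the certificate
# will have expired N seconds from now.
needs_renewal() {
    [ -f "$CERT" ] || return 0
    ! openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "$CERT" >/dev/null
}

# Stops nginx so --standalone can bind its port, renews, and always starts
# nginx again. Returns the exit status of letsencrypt-auto.
renew_cert() {
    if ! needs_renewal; then
        echo "certificate valid for more than $RENEW_DAYS days, nothing to do"
        return 0
    fi
    service nginx stop || return 1
    rc=0
    "$LE_AUTO" certonly --standalone --renew-by-default \
        --email evan886@gmail.com \
        -d linuxchina.net -d www.linuxchina.net || rc=$?
    service nginx start || return 1
    return "$rc"
}

# Cron calls the script with --run, for example once a week:
#   0 3 * * 1 /data/mon/autossl --run
if [ "${1:-}" = "--run" ]; then
    renew_cert
fi
```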

Detailed nginx HTTPS configuration file

#4 blog
server {
    listen 80;
    # listen [::]:80 ipv6only=on default_server;
    listen 443 default ssl;
    #listen [::]:80;
    #ssl on;
    ssl_certificate /etc/letsencrypt/live/linuxchina.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/linuxchina.net/privkey.pem;

    server_name linuxchina.net www.linuxchina.net;

    #by evan
    # Redirect plain HTTP requests to HTTPS
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
    #by evan
    # server_name blog.linuxchina.net;
    charset utf-8;
    root /data/www/evan;
    index index.php index.html index.htm;
}

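Note:
Do not turn on "ssl on", otherwise you get a 400 error. This server block also listens on port 80, and "ssl on" enables SSL on every listen socket in the block, so plain HTTP requests are answered with 400 instead of being redirected.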

# The official tutorial is actually the better one
https://certbot.eff.org/#freebsd-nginx

http://stackoverflow.com/questions/8768946/dealing-with-nginx-400-the-plain-http-request-was-sent-to-https-port-error

Hands-on tutorial: applying for a permanently free Let's Encrypt SSL certificate, with common problems
http://www.laozuo.org/7676.html

Let's Encrypt SSL certificate configuration
http://www.jianshu.com/p/eaac0d082ba2#