Nginx安装Let's Encrypt免费SSL证书 on freebsd

要先关闭 nginx

git clone
cd letsencrypt
./letsencrypt-auto certonly --standalone --email -d -d --debug

root@freebsdsfo2-01:/data/www/ssl/letsencrypt # ./letsencrypt-auto certonly --standalone --email -d -d --debug

– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ Your cert will
expire on 2016-12-11. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
“letsencrypt-auto renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt:
Donating to EFF:

第三、Let’s Encrypt免费SSL证书获取与应用
在完成Let’s Encrypt证书的生成之后,我们会在”/etc/letsencrypt/live/yourdomain/”域名目录下有4个文件就是生成的密钥证书文件。
cert.pem – Apache服务器端证书
chain.pem – Apache根证书和中继证书
fullchain.pem – Nginx所需要ssl_certificate文件
privkey.pem – 安全证书KEY文件

ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

* * */90 * * /data/mon/autossl
/data/www/ssl/letsencrypt/letsencrypt-auto certonly --renew-by-default --email -d -d

详细的nginx https配置文件

#4 blog
server {
listen 80;
# listen [::]:80 ipv6only=on default_server;
listen 443 default ssl;
#listen [::]:80;
#ssl on;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;


#by evan
if ($scheme = http) {
return 301 https://$server_name$request_uri;
#by evan
# server_name;
charset utf-8;
root /data/www/evan;
index index.php index.html index.htm;

ssl on 不要打开 ,不然会400

#这个官方的教程比较好 其实

实战申请Let’s Encrypt永久免费SSL证书过程教程及常见问题

Let’s Encrypt SSL证书配置