centos-rhel服务器相关 / nginx / 未分类 · 2016年9月13日

Nginx安装Let's Encrypt免费SSL证书 on freebsd

要先关闭 nginx
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --standalone --email [email protected] -d linuxchina.net -d www.linuxchina.net --debug

root@freebsdsfo2-01:/data/www/ssl/letsencrypt # ./letsencrypt-auto certonly --standalone --email [email protected] -d linuxchina.net -d www.linuxchina.net --debug
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/linuxchina.net/fullchain.pem. Your cert will
expire on 2016-12-11. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
“letsencrypt-auto renew”
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
第三、Let’s Encrypt免费SSL证书获取与应用
在完成Let’s Encrypt证书的生成之后,我们会在”/etc/letsencrypt/live/yourdomain/”域名目录下有4个文件就是生成的密钥证书文件。
cert.pem – Apache服务器端证书
chain.pem – Apache根证书和中继证书
fullchain.pem – Nginx所需要ssl_certificate文件
privkey.pem – 安全证书KEY文件
ssl_certificate /etc/letsencrypt/live/linuxchina.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/linuxchina.net/privkey.pem;
#90天后自动更新
* * */90 * * /data/mon/autossl
#/bin/sh
/data/www/ssl/letsencrypt/letsencrypt-auto certonly --renew-by-default --email [email protected] -d linuxchina.net -d www.linuxchina.net

详细的nginx https配置文件
#4 blog
server {
listen 80;
# listen [::]:80 ipv6only=on default_server;
listen 443 default ssl;
#listen [::]:80;
#ssl on;
ssl_certificate /etc/letsencrypt/live/linuxchina.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/linuxchina.net/privkey.pem;
server_name linuxchina.net www.linuxchina.net;
#by evan
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
#by evan
# server_name blog.linuxchina.net;
charset utf-8;
root /data/www/evan;
index index.php index.html index.htm;

注意:
ssl on 不要打开 ,不然会400
#这个官方的教程比较好 其实
https://certbot.eff.org/#freebsd-nginx
http://stackoverflow.com/questions/8768946/dealing-with-nginx-400-the-plain-http-request-was-sent-to-https-port-error
实战申请Let’s Encrypt永久免费SSL证书过程教程及常见问题
http://www.laozuo.org/7676.html
Let’s Encrypt SSL证书配置
http://www.jianshu.com/p/eaac0d082ba2#