
Linux下SSL證書申請以及配置到Nginx

# The URL tracks the master branch, so the downloaded content can change between runs.
# Read the script before executing it, and prefer fetching a specific commit
# that you have reviewed instead of the moving branch.
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh

# Make the downloaded script executable for the later ./letsencrypt.sh call.
chmod +x letsencrypt.sh

編輯下配置檔案:

vim letsencrypt.conf

# File name of the Let's Encrypt account key (relative path as written here).
ACCOUNT_KEY="letsencrypt-account.key"
# Private key of the certificate; the nginx ssl_certificate_key directive below uses this file.
# Keep it readable by root only (e.g. chmod 600) and do not store it under DOMAIN_DIR,
# because that directory is served by nginx as the site root.
DOMAIN_KEY="域名.key"
# Site document root (same placeholder as the nginx "root" below).
# Presumably where the script writes the ACME challenge files -- confirm in the script.
DOMAIN_DIR="網站檔案夾"
# Names to include in the certificate, each one prefixed with "DNS:".
DOMAINS="DNS:域名,DNS:域名"
# Optional switches, left disabled in this example.
#ECC=TRUE
#LIGHTTPD=TRUE      

運作:

./letsencrypt.sh letsencrypt.conf

運作後會生成很多檔案

其中:

 www.chained.crt  域名.key

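這兩個是 Nginx 配置要用到的:www.chained.crt 是證書(含證書鏈),域名.key 是私鑰。私鑰必須妥善保管:不要放在網站檔案夾(會被 Web 服務對外提供的目錄)下,並把權限限制為僅 root 可讀。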

nginx配置:

# Worker processes run as the unprivileged account "www".
# The certificate private key therefore does not need to be readable by "www":
# nginx loads it in the master process when the configuration is read.
user www;
# A single worker process.
worker_processes  1;

# Error logging and pid file are left at their built-in defaults (lines kept as examples).
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}

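http {
    include       mime.types;
    default_type  application/octet-stream;
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Plain-HTTP server: its only job is to send every request to HTTPS.
    server {
        listen       80;
        server_name  域名;
        # Permanent (301) redirect that keeps the original path and query string.
        return 301 https://$host$request_uri;
    }

    # HTTPS server
    server {
        listen       443 ssl;
        server_name  域名;
        #charset utf-8;

        # Certificate chain and private key produced by letsencrypt.sh.
        # NOTE(review): if /home/wwwroot is, or contains, a directory served by
        # nginx, the private key could be downloaded over HTTP. Keep the key
        # outside any document root, owned by root with mode 600.
        ssl_certificate      /home/wwwroot/www.chained.crt;
        ssl_certificate_key  /home/wwwroot/域名.key;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
        # drop that parameter on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Enable only after HTTPS is confirmed to work for every host name:
        # browsers will then refuse plain HTTP for the max-age period.
        #add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            root   網站檔案夾;
            index  index.html index.htm index.php;
        }

        # The dot is escaped so that only names ending in ".php" match;
        # an unescaped "." matches any character (e.g. "/xphp").
        location ~ \.php$ {
            root           網站檔案夾;

            # Only hand a request to PHP-FPM when the script file really exists.
            # Without this check, a URL such as /upload/pic.jpg/x.php can make PHP
            # run a non-PHP file when cgi.fix_pathinfo is enabled.
            try_files      $uri =404;

            fastcgi_buffer_size 128k;
            fastcgi_buffers 32 32k;
            fastcgi_pass   unix:/tmp/php-fpm.sock;
            fastcgi_index  index.php;
            #include fastcgi.conf;
            fastcgi_param  DOCUMENT_ROOT 網站檔案夾;
            fastcgi_param  SCRIPT_FILENAME  網站檔案夾$fastcgi_script_name;
            include        fastcgi_params;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}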