申请SSL证书

证书申请或续期(使用certbot)

查看nginx状态

nginx -t

关闭nginx

nginx -s stop

查看https证书剩余时间及存放位置

certbot certificates

申请(必须先关闭nginx,释放8080端口,否则报错)

certbot certonly –standalone –email *@qq.com -d xxx.cszy.top

续期或新增(必须先关闭nginx)

certbot certonly -d xxx.cszy.top

配置nginx

进入 sites-available,新建xxx.cszy.top配置文件,详情见>>nginx入门<<
进入sites-enabled目录,执行命令

1
ln -s ../sites-available/xxx.cszy.top ./
启动nginx

nginx

或重启nginx

nginx -s reload

常用的命令

certbot certificates #可以查看证书的状态
certbot renow #证书到期30天前可以自动更新
certbot revoke #撤销证书
certbot delete #撤销后删除证书

官方教程(ubuntu)

  1. SSH into the server

    SSH into the server running your HTTP website as a user with sudo privileges.

  2. Install snapd

    You’ll need to install snapd and make sure you follow any instructions to enable classic snap support.

    Follow these instructions on snapcraft’s site to install snapd.

    install snapd

  3. Remove certbot-auto and any Certbot OS packages

    If you have any Certbot packages installed using an OS package manager like aptdnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbotsudo dnf remove certbot, or sudo yum remove certbot.

  4. Install Certbot

    Run this command on the command line on the machine to install Certbot.

    sudo snap install –classic certbot

  5. Prepare the Certbot command

    Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

    sudo ln -s /snap/bin/certbot /usr/bin/certbot

  6. Choose how you’d like to run Certbot

    Either get and install your certificates…

    Run this command to get a certificate and have Certbot edit your nginx configuration automatically to serve it, turning on HTTPS access in a single step.

    sudo certbot –nginx

    Or, just get a certificate

    If you’re feeling more conservative and would like to make the changes to your nginx configuration by hand, run this command.

    sudo certbot certonly –nginx

  7. Test automatic renewal

    The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

    sudo certbot renew –dry-run

    The command to renew certbot is installed in one of the following locations:

    • /etc/crontab/
    • /etc/cron.*/*
    • systemctl list-timers

  8. Confirm that Certbot worked

    To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar.

成功后证书地址:

Certificate is saved at: /etc/letsencrypt/live/cszy.top/fullchain.pem
Key is saved at: /etc/letsencrypt/live/cszy.top/privkey.pem

安装工具(旧版,不推荐)

apt install certbot python3-certbot-nginx
然后就是生成证书并自动配置nginx,在这个步骤前建议先备份一下旧的nginx配置文件。

certbot –nginx -d domain.com

参考资料

Certbot Instructions | Certbot (eff.org)
https://zhuanlan.zhihu.com/p/354241539
https://zhuanlan.zhihu.com/p/442904647

申请SSL证书
http://example.com/20231011-申请SSL证书/
作者
csorz
发布于
2023年10月11日
许可协议