Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
Below is the process I followed to deploy the SSL certificate it provides on an Nginx server:
- Install git

    apt-get update
    apt-get install git

- Download and install the Let's Encrypt source code, deploying the code under the etc directory

    cd /usr/
    git clone https://github.com/letsencrypt/letsencrypt letsencrypt

- The Nginx server must be stopped while the SSL certificate is being deployed.

    service nginx stop
    netstat -na | grep ':80.*LISTEN'   # prints nothing if nginx has stopped

- Generate the SSL certificate

    cd /usr/letsencrypt
    ./letsencrypt-auto certonly --standalone

- A simple graphical interface is then initialized to install the SSL certificate; enter the domain information when prompted

    zivers.com www.zivers.com

- When you see the following text, the certificate has been generated successfully

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/zivers.com/fullchain.pem. Your cert will
       expire on 2016-04-22. To obtain a new version of the certificate in
       the future, simply run Let's Encrypt again.
     - If you like Let's Encrypt, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

- From the output above, you can see that the certificate was stored in the following directory

    /etc/letsencrypt/live/zivers.com/
    # certificate path
    /etc/letsencrypt/live/zivers.com/fullchain.pem

- Modify the Nginx configuration

Add the SSL certificate information and write the rewrite rules

    # Redirect plain HTTP on both host names to the canonical HTTPS host
    server {
        listen 80;
        server_name zivers.com;
        rewrite ^/(.*)$ https://www.zivers.com/$1 permanent;
    }

    server {
        listen 80;
        server_name www.zivers.com;
        rewrite ^/(.*)$ https://www.zivers.com/$1 permanent;
    }

    # HTTPS on the bare domain: terminate TLS, then redirect to www
    server {
        listen 443 ssl;
        server_name zivers.com;
        ssl_certificate /etc/letsencrypt/live/zivers.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zivers.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
        rewrite ^/(.*)$ https://www.zivers.com/$1 permanent;
    }

    # The site itself, served over HTTPS
    server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/zivers.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/zivers.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
        root /var/www/zivers.com;
        index index.php;
        server_name www.zivers.com;
        ...
    }
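
An added example, not part of the original post: a small Python check that reads an Nginx configuration like the one above and reports TLS server blocks that still enable TLS 1.0/1.1 (deprecated by RFC 8996 after this post was written) or that do not pair fullchain.pem with the privkey.pem from the same directory. The sample configuration is constructed from the post's settings, its second TLS block is a hypothetical misconfiguration, the function names are this example's own, and it assumes TLS is enabled with `listen ... ssl`.

```python
import posixpath
import re

# Constructed sample: the post's TLS settings plus a hypothetical misconfigured block.
SAMPLE_CONF = """
server { listen 80; server_name zivers.com; rewrite ^/(.*)$ https://www.zivers.com/$1 permanent; }
server {
    listen 443 ssl; server_name www.zivers.com;
    ssl_certificate /etc/letsencrypt/live/zivers.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zivers.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl; server_name zivers.com;
    ssl_certificate /etc/letsencrypt/live/zivers.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.zivers.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # RFC 6176, RFC 7568, RFC 8996

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, end = 1, m.end()
        while depth and end < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        yield conf[m.end():end - 1]

def directives(body):
    """Return {name: [all args]} for the 'name args;' statements in a block."""
    found = {}
    for parts in filter(None, (s.split() for s in body.split(";"))):
        found.setdefault(parts[0], []).extend(parts[1:])
    return found

def audit(conf):
    """Yield (server_name, finding) for each server block that listens with ssl."""
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        d = directives(body)
        if "ssl" not in d.get("listen", []):
            continue  # plain-HTTP redirect block
        name = " ".join(d.get("server_name", ["<unnamed>"]))
        cert, key = ((d.get(k) or [""])[0] for k in ("ssl_certificate", "ssl_certificate_key"))
        for proto in sorted(DEPRECATED.intersection(d.get("ssl_protocols", []))):
            yield name, "deprecated protocol " + proto
        if posixpath.basename(cert) != "fullchain.pem":
            yield name, "ssl_certificate is not fullchain.pem"
        if posixpath.dirname(cert) != posixpath.dirname(key):
            yield name, "certificate and key are in different directories"
```

Calling `list(audit(open("/etc/nginx/nginx.conf").read()))` runs the same checks on a real file; the path is an assumption, and `include`d files are not followed.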