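⬇️ Notes on how to install and configure certbot
I have recently built a few more websites and use certbot frequently, so here are some more commonly used commands.
Quickly obtain a certificate: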
certbot certonly --standalone -d ${YOUR_DOMAIN}
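Note: stop the nginx process before obtaining a certificate this way, otherwise there will be a port conflict (standalone mode starts its own temporary web server).
After the certificate is issued, if the corresponding conf file was not modified automatically, add the following manually: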
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/${YOUR_DOMAIN}/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/${YOUR_DOMAIN}/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/${YOUR_DOMAIN}/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
Also add a 301 redirect in the server block:
if ($host = ${YOUR_DOMAIN}) {
    return 301 https://$host$request_uri;
} # managed by Certbot
Then test the configuration and reload nginx:
nginx -t
nginx -s reload
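When the directives have to be added by hand, it is easy to leave one out or leave it commented. The script below is an added example, not part of the original post: it lists which of the directives shown above are absent from a conf file. The function names, the `example.com` domain and the sample conf are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: missing_tls_directives CONF_FILE DOMAIN
# Prints every directive from the post's list that is not found, one per line.
missing_tls_directives() {
    live="/etc/letsencrypt/live/$2"
    # Drop comments so a commented-out directive does not count as present,
    # and collapse whitespace so indentation and alignment do not matter.
    body=$(sed 's/#.*$//' "$1" | tr -s ' \t' ' ')
    while IFS= read -r want; do
        printf '%s\n' "$body" | grep -qF -- "$want" || printf '%s\n' "$want"
    done <<EOF
listen [::]:443 ssl;
listen 443 ssl;
ssl_certificate $live/fullchain.pem;
ssl_certificate_key $live/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate $live/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
return 301 https://\$host\$request_uri;
EOF
}

# Constructed sample conf: HSTS is commented out, OCSP stapling is absent.
demo() {
    conf=$(mktemp)
    cat >"$conf" <<'CONF'
server {
    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
}
server {
    listen 80;
    if ($host = example.com) { return 301 https://$host$request_uri; }
}
CONF
    missing_tls_directives "$conf" example.com
    rm -f "$conf"
}
demo
```

The check matches the exact directive forms from this post, so a variant such as `listen 443 ssl http2;` is reported as missing and needs a manual look.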
Revoke a certificate:
certbot revoke --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem