Operation and Maintenance Notes: free HTTPS certificate



Before reading this article, if you don't know what http and https are, look them up on Baidu or Google first.

Source of certificate

  • Purchased
  • Self-generated
    • Generated with Linux commands; these certificates trigger an "unsafe" warning
    • Generated with a third-party tool; certbot is introduced here

Operation steps

  1. Make sure the domain name you want the certificate for already resolves to the server
  2. git clone https://github.com/certbot/ce…
  3. Go into the cloned directory and find certbot-auto
  4. Suppose your domain name is www.test.com and your email address is [email protected]
     Execute:
     ./certbot-auto certonly --standalone --email '[email protected]' -d www.test.com
  5. After successful execution, the corresponding certificate files appear under /etc/letsencrypt/live/
  6. Add two lines to the nginx configuration

     ssl_certificate       /etc/letsencrypt/live/www.test.com/fullchain.pem;
     ssl_certificate_key   /etc/letsencrypt/live/www.test.com/privkey.pem;

Possible problems

1. If certificate generation fails, shut down nginx first and run the command again. Standalone mode starts its own temporary web server, so it needs the port nginx is occupying.
2. The certificate is valid for 90 days. Renew it with the command ./certbot-auto renew, then restart nginx to load the new certificate. Handle this step as you see fit: the renew and nginx reload operations can be written into a simple sh file and then added to the crontab.
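
The renewal script mentioned in item 2, as an added example that is not from the original article: because the certificate was issued with --standalone, it stops nginx, runs renew, and always starts nginx again even when renewal fails. The clone location, the script path in the crontab line and the nginx control commands are assumptions; adjust them to your server.

```shell
#!/bin/sh
# Added example: renew in standalone mode, then bring nginx back up no matter what.
# Assumptions: certbot-auto lives in CERTBOT_DIR (hypothetical path) and nginx is
# controlled with the plain `nginx` binary; override the variables for your setup.
CERTBOT_DIR="${CERTBOT_DIR:-/opt/certbot}"   # hypothetical clone location
CERTBOT="${CERTBOT:-$CERTBOT_DIR/certbot-auto}"
NGINX_STOP="${NGINX_STOP:-nginx -s stop}"
NGINX_TEST="${NGINX_TEST:-nginx -t}"
NGINX_START="${NGINX_START:-nginx}"

log() { printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*"; }

# Returns 0 if renewal succeeded and nginx is back up,
#         1 if renewal failed but nginx is back up (old certificate still served),
#         2 if nginx could not be started again (site is down, needs attention).
renew_and_restart() {
    rc=0
    log "stopping nginx so certbot standalone can bind its port"
    $NGINX_STOP || log "nginx was not running (continuing)"

    if $CERTBOT renew; then
        log "certbot renew succeeded"
    else
        log "certbot renew FAILED"
        rc=1
    fi

    # Always try to start nginx again, even after a failed renewal.
    if $NGINX_TEST && $NGINX_START; then
        log "nginx started"
    else
        log "nginx did NOT start"
        rc=2
    fi
    return $rc
}

# Only act when called as: renew_cert.sh run
# crontab entry (script path is hypothetical), weekly on Monday at 03:00:
#   0 3 * * 1 /usr/local/bin/renew_cert.sh run >> /var/log/renew_cert.log 2>&1
if [ "${1:-}" = "run" ]; then
    renew_and_restart
    exit $?
fi
```

A non-zero exit status in the cron log means the certificate was not renewed (1) or nginx stayed down (2).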

Certificate validity query method

