Before proceeding, please confirm that nginx has been installed. . .
1, first installcertbot
apt install certbot python3-certbot-nginx2, generate a certificate
certbot --nginx -d example.com -d www.example.comWhen performing this step, you will be asked to fill in your email address to notify you of security issues such as renewal time, the email is convenient, and then some other questions
The operation is successful and finally you can see/etcWhether the directory is generatedletsencrypt directory, (This step may be delayed, I waited for a while to generate it)
3, configure nginx
server {
listen 80;
server_name www.example.com;
#Redirect HTTP 301 to HTTPS
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
server_name www.example.com;
}Finally restart nginx
The above article is referenced from
https://blog.csdn.net/setoy/a…
https://www.cnblogs.com/cool-…
Grateful