sudo yum install certbot
sudo certbot --nginx -d xxx.com -d www.xxx.com
The command above produced the error below, even though nginx is already installed on my server.
The requested nginx plugin does not appear to be installed
So the only option was to configure it manually by running the following command.
sudo certbot certonly --standalone -d xxx.com -d www.xxx.com
Error: "Problem binding to port 80: Could not bind to IPv4 or IPv6." This is because port 80 is already in use.
systemctl stop nginx
Then generate the certificate again, enter your email address, and follow the prompts step by step to finish.
# Redirect all HTTP requests to HTTPS
server {
    listen 80;
    server_name xxx.com www.xxx.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name xxx.com www.xxx.com;
    # Certificate chain and private key issued by certbot
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # HSTS: tell browsers to use HTTPS only for the next year
    add_header Strict-Transport-Security "max-age=31536000" always;
    # Reverse proxy to the application listening on port 5000
    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
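# Edit the crontab
crontab -e
# Add the following line. It runs weekly because certbot only renews a certificate within 30 days of its expiry, so a 90-day certificate can lapse between runs that are three months apart. The pre/post hooks stop and start nginx only when a renewal is actually attempted, and the post hook runs even if the renewal fails, so nginx is not left stopped.
0 0 * * 1 sudo certbot -q renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
# List the current user's cron jobs
crontab -l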
Common vim commands
i    enter insert mode
:wq  save and quit
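Why the schedule of the renewal job matters, as an added example (not from the original post): the simulation below compares a quarterly cron schedule (0 0 1 */3 *) with a weekly one (0 0 * * 1), assuming Let's Encrypt's 90-day certificate lifetime and certbot's default of renewing only within 30 days of expiry. The issue date, horizon and function names are constructed for illustration.

```python
from datetime import date, timedelta

VALIDITY = timedelta(days=90)      # assumed certificate lifetime (Let's Encrypt)
RENEW_WINDOW = timedelta(days=30)  # assumed certbot default: renew only this close to expiry

ISSUED = date(2024, 1, 15)         # constructed sample issue date
END = date(2025, 12, 1)            # constructed end of the simulated period


def quarterly(d):
    """Days matched by '0 0 1 */3 *': the 1st of Jan, Apr, Jul and Oct."""
    return d.day == 1 and d.month in (1, 4, 7, 10)


def weekly(d):
    """Days matched by '0 0 * * 1': every Monday."""
    return d.weekday() == 0


def run_dates(start, end, matches):
    """Every date after `start`, up to and including `end`, on which the job fires."""
    span = (end - start).days
    candidates = (start + timedelta(days=n) for n in range(1, span + 1))
    return [d for d in candidates if matches(d)]


def simulate(issued, end, matches):
    """Return (days served with an expired certificate, number of renewals)."""
    expiry = issued + VALIDITY
    expired_days = renewals = 0
    for run in run_dates(issued, end, matches):
        if run < expiry - RENEW_WINDOW:
            continue  # 'certbot renew' finds the certificate not yet due and does nothing
        expired_days += max(0, (run - expiry).days)  # gap before this run fixed it
        expiry = run + VALIDITY
        renewals += 1
    expired_days += max(0, (end - expiry).days)  # still expired at the end of the period
    return expired_days, renewals


if __name__ == "__main__":
    for name, schedule in (("quarterly", quarterly), ("weekly", weekly)):
        expired, renewals = simulate(ISSUED, END, schedule)
        print(f"{name:9s} renewals={renewals:2d} days_with_expired_cert={expired}")
```
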
sudo certbot certificates    # check certificate expiry dates
sudo systemctl stop nginx    # stop nginx to free port 80
sudo certbot renew           # renew the certificates
sudo systemctl restart nginx # restart nginx
sudo certbot certificates    # check the expiry dates again