Linux下安全证书申请以及配置到Nginx

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh chmod +x letsencrypt.sh

编辑下配置文件:

vim letsencrypt.conf

ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="域名.key"
DOMAIN_DIR="网站文件夹"
DOMAINS="DNS:域名,DNS:域名"
#ECC=TRUE
#LIGHTTPD=TRUE

运行:

./letsencrypt.sh letsencrypt.conf

运行后会生成很多文件

其中:

www.chained.crt 域名.key

这两个是要的

nginx配置:

user www;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
worker_connections  1024;
}

http {
include       mime.types;
default_type  application/octet-stream;
#access_log  logs/access.log  main;
sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;
server {
listen       80;
server_name  域名;
　　　　　#实现自动重写
rewrite ^(.*)$  https://$host$1 permanent;
}
# HTTPS server
server {
listen       443 ssl;
server_name  域名;
#charset: utf-8;
ssl_certificate      /home/wwwroot/www.chained.crt;
ssl_certificate_key  /home/wwwroot/域名.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root   网站文件夹;
index  index.html index.htm index.php;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 32 32k;
root           网站文件夹;
fastcgi_pass   unix:/tmp/php-fpm.sock;
fastcgi_index  index.php;
#include fastcgi.conf;
fastcgi_param  DOCUMENT_ROOT 网站文件夹;
fastcgi_param  SCRIPT_FILENAME  网站文件夹$fastcgi_script_name;
include        fastcgi_params;
}
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}
}
}