git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
chmod +x letsencrypt-auto
./letsencrypt-auto certonly -a webroot --webroot-path=/home/www/demo.com --email email@yourname.com -d demo.com -d www.demo.com将目录、邮箱和域名换成你自己的
就说明安装证书成功了!
并且能看到证书的目录:/etc/letsencrypt/live/demo.com
该目录下有四个文件
cert.pem - Apache 服务器端证书
chain.pem - Apache 根证书和中继证书
fullchain.pem - Nginx 所需要 ssl_certificate 文件
privkey.pem - 安全证书 KEY 文件
打开 nginx 配置文件,我的是:/usr/local/nginx/conf/vhost/default.conf。
修改记录:
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
ssl.conf 中:
ssl_certificate /etc/letsencrypt/live/demo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo.com/privkey.pem;
保存之后,重启nginx
原文:http://www.cnblogs.com/no-password/p/7811074.html