前提条件
My HTTP website is running Nginx on Debian 10(或者11)
时间:2024-3-28 16:25:52
你的网站部署在Debain 10(或者11)的 Nginx上
安装单域名证书(默认)(非泛域名)
1 进入自己的云服务器的宝塔面板(即云服务器控制台的外网连接)
2 进入终端标签页
安装snap
进入这个网址
https://snapcraft.io/docs/installing-snapd
选择自己的服务器环境
以 Debian 为例
在终端运行这些指令
snap can be installed directly from the command line:
bash
sudo apt update
sudo apt install snapd
Either log out and back in again, or restart your system, to ensure snap's paths are updated correctly.
After this, install the core
snap in order to get the latest snapd
.
bash
sudo snap install core
To test your system, install the hello-world snap and make sure it runs correctly:
bash
sudo snap install hello-world
hello-world
如果曾经安装过Certbot packages
则需要先卸载移除这些内容
例如
bash
sudo apt-get remove certbot
sudo dnf remove certbot
sudo yum remove certbot
Install Certbot
bash
sudo snap install --classic certbot
Prepare the Certbot command
Execute the following instruction on the command line on the machine to ensure that the certbot
command can be run.
bash
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Run this command to get a certificate and have Certbot edit your nginx configuration automatically to serve it, turning on HTTPS access in a single step.(小白推荐)
bash
sudo certbot --nginx
注意,如果你的nginx不在默认目录/etc/nginx/nginx.conf
则需要修改这个命令,修改后如下
以/www/server/nginx/conf/nginx.conf为例
bash
sudo certbot --nginx-server-root /www/server/nginx/conf
启用自动续订SSL证书
Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
bash
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/
/etc/cron.*/*
systemctl list-timers
3 Confirm that Certbot worked,重新进入自己的网站,看看是否变成了https协议
To confirm that your site is set up properly, visit https://yourwebsite.com/
in your browser and look for the lock icon in the URL bar.
完成
4 去宝塔网站标签页(从这里开始建议不必理会,可以先去看看其他大神)
5 选择自己的网站项目
这里以go项目为例
6 粘贴自己的证书内容(内容哪里找?看第7步)
7 去宝塔文件系统的这个目录/etc/letsencrypt/live/www.xxxxx.com
分别对应privkey.pem 和 fullchain.pem
附录
指定nginx目录,且指定域名,示例
sudo certbot --nginx --nginx-server-root /www/server/nginx/conf -d www.xxxxx.com