ubuntu部署ssl证书

QC七哥2025-03-17 8:39

证书安装

在进行证书安装前,需要将域名的 DNS 指定到你的 ubuntu 服务器节点上,ubuntu 安装 Let's Encrypt 证书步骤如下

安装 certbot 工具

shell 复制代码 
apt update
apt install certbot python3-certbot-nginx

运行 certbot 命令进行证书安装

对于 nginx

shell 复制代码 
certbot --nginx -d mydomain.com -d www.mydomain.com

对于 apache

shell 复制代码 
certbot --apache -d mydomain.com -d www.mydomain.com

如果不填写邮箱的话,可以指定 certbot 参数 --register-unsafely-without-email,生成证书的输出如下

shell 复制代码 
root@ubuntu:~# certbot --nginx -d mydomain.com -d www.mydomain.com --register-unsafely-without-email 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: 
(Y)es/(N)o: y
Account registered.
Requesting a certificate for mydomain.com and www.mydomain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mydomain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/mydomain.com/privkey.pem
This certificate expires on 2025-06-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for mydomain.com to /etc/nginx/nginx.conf
Successfully deployed certificate for www.mydomain.com to /etc/nginx/nginx.conf
Congratulations! You have successfully enabled HTTPS on https://mydomain.com and https://www.mydomain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

自动续订证书

Let's Encrypt 证书的有效期为 90 天,需要定期续订避免过期,Certbot 会自动设置一个系统定时器,以自动续订证书

可以使用以下命令来测试证书续订

shell 复制代码 
certbot renew --dry-run

输出信息如下

shell 复制代码 
root@ubuntu:~# certbot renew --dry-run 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for mydomain.com and www.mydomain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/mydomain.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
相关推荐
RisunJan17 分钟前
Linux命令-ngrep(方便的数据包匹配和显示工具)
linux·运维·服务器
.千余18 分钟前
【Linux】基本指令3
linux·服务器·开发语言·学习
热爱Liunx的丘丘人34 分钟前
Ansible-doc及常用模块
linux·运维·服务器·ansible
SPC的存折1 小时前
D在 Alpine 容器中手动搭建 Discuz 全攻略(包含镜像一键部署脚本,可直接用)
linux·数据库·mysql·缓存
烛衔溟2 小时前
TypeScript this 参数类型与全局 this
javascript·ubuntu·typescript
feng_you_ying_li3 小时前
linux之运行状态(2),内核链表与进程状态
linux
图图玩ai3 小时前
SSH 命令管理工具怎么选?从命令收藏到批量执行一次讲清
linux·nginx·docker·ai·程序员·ssh·可视化·gmssh·批量命令执行
似水এ᭄往昔4 小时前
【Linux】--基础IO
linux·服务器
StarryX4 小时前
Mac 用 UTM 装 Debian 实操教程(二)
linux
CXH7284 小时前
nginx——https
运维·nginx·https
热门推荐
012026年4月技术前沿:AI大模型爆发、智能体革命与量子安全新纪元02GitHub 镜像站点032026 年 AI 编程助手全面对比评测:Cursor vs Copilot vs Claude Code vs GitHub Copilot Free042026年4月AI大事件深度解读:大模型竞争进入“深水区“05Claude Code Windows 兼容性问题:指定版本 2.1.112 可解决06AI Weekly | 2026年4月第二周 · GitHub热门项目与AI发展趋势深度解析07UBUNTU Claude Code 报错 claude native binary not installed08近期有什么ai的新消息,新动态? 2026.4月09从限购到畅通:GLM-5.1 Coding Plan接入攻略10从零部署 Hermes Agent:一只"会成长的 AI 马"保姆级安装教程