Let’s Encrypt

重新生成證書

1. docker restart my-app

2. 啟動系統nginx 80 端口

sudo lsof -i :80

sudo pkill nginx

3. 設置nginx

    listen 80;
    listen [::]:80;
   
    server_name erp.my.com;
   
    location /.well-known/acme-challenge/ {
        root /var/www/html;
        allow all;
    }

4.啟動 nginx 80

sudo systemctl start nginx

5. 申請新證書

sudo certbot renew

Congratulations, all renewals succeeded:
  /etc/letsencrypt/live/erp.my.com/fullchain.pem (success)

6. 授權

   cp privkey.pem fullchain.pem cert.pem chain.pem /opt/workspace/myapp/ssl2

7. 重新啟動 app

檢查證書

1. 檢查期限

sudo certbot certificates

2. 重新生成

sudo certbot renew --dry-run

附件

/etc/nginx/sites-available 下面配置 default

server {

    listen 80;
    listen [::]:80;

    server_name weberp.eilhk.com;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
        allow all;
    }

    location / {
        root /var/www/html;
        index index.html index.htm;
    }
	server_name _;
}

生成证书在/etc/letsencrypt/live/app.mywebsite.com