knowledge-base

我的知识库 / Linux / certbot-auto 生成证书

certbot-auto 生成证书

安装

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
cp ./certbot-auto /usr/local/bin

生成证书

条件:

certbot-auto certonly --standalone --email [email protected] -d test.poneding.com

以上命令执行完成后,将会在 /etc/letsencrypt/live 目录下生成域名证书文件。默认证书有效期为 3 个月。

nginx 配置证书

参考示例:

server {
        listen 80;
        server_name abc.com;
        rewrite ^(.*) https://test.poneding.com permanent;
}
server{
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/letsencrypt/live/test.poneding.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.poneding.com/privkey.pem;

    server_name test.poneding.com;
    root /web/test.poneding.com/;
}

证书续期

配置定时任务

0 3 1 * * certbot-auto renew --pre-hook "systemctl stop nginx" --renew-hook "systemctl start nginx"

参考

» Linux-history 输出附带日期