配置基本的Nginx设置:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
|
这里location配置了一个/.well-known/acme-challenge/路径,里面host了简单文件,我这里host了一个简单的html文件。原因是你必须证明,你拥有所请求的证书的域名。因为 Let’s Encrypt要求你host一些文件。
证书90天过期
Let’s Encrypt证书会在90天后过期,需要配置脚本自动更新证书。
1
2
3
4
5
6
7
8
9
|
|
示例配置:
server { server_name www.domain.com domain.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass https://shops.domain.com/; proxy_set_header Host $host; } location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /usr/share/nginx/html; } location = /.well-known/acme-challenge/ { return 404; } }