Nginx on CentOS使用CertBot更新Let's Encrypt证书

Let’s Encrypt证书有效期为90天,到期后要重新更新一下,一下为手动更新的方法。
以本站静态文件的域名static.36nu.com为例,static.36nu.com 域名对应的webroot为/data/wwwroot/static.36nu.com
首先修改此域名对应的nginx配置文件
/usr/local/nginx/conf/vhost/static.36nu.com.confserver 里面添加如下内容

location ^~ /.well-known/acme-challenge/ {
   default_type "text/plain";
   root     /data/wwwroot/;
}

重新加载Nginx配置

service nginx reload

在命令行执行:

/usr/local/python/bin/certbot certonly --webroot -w /data/wwwroot -d static.36nu.com

提示如下则表示更新成功

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/static.36nu.com/fullchain.pem. Your cert will
   expire on 2018-03-24. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

再重新加载Nginx配置即可

service nginx reload
36nu 分享编程知识及经验

已有账号?立即登录
微信公众号
关注36nu微信公众账号
获取最新编程知识及经验