How to use Encrypt SSL for Nginx

1.First, install the EPEL (Extra Packages for Enterprise Linux) repository:

$ sudo yum install epel-release

2.need git in order to download the Let’s Encrypt client. To install git, run:

$ sudo yum install git 

3.Download the Let’s Encrypt Client

$ sudo git clone /opt/letsencrypt

4.Set Up the SSL Certificate

$ cd /opt/letsencrypt

$ ./certbot-auto certonly --standalone -d -d is your domain name!!!! /etc/letsencrypt/live/ will save the pem.
5.Generate Strong Diffie-Hellman Group

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

This may take a few minutes but when it's done you will have a strong DH group at /etc/ssl/certs/dhparam.pem.
6.Configure TLS/SSL on Web Server (enter Nginx nginx.conf) add,

listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

7.setup auto renew

crontab -e
29 2 * * 1 /etc/init.d/nginx stop
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
31 2 * * 1 /etc/init.d/nginx start
最后修改:2018 年 01 月 11 日