How to use Encrypt SSL for Nginx

1.First, install the EPEL (Extra Packages for Enterprise Linux) repository:

$ sudo yum install epel-release

2.need git in order to download the Let’s Encrypt client. To install git, run:

$ sudo yum install git 

3.Download the Let’s Encrypt Client

$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

4.Set Up the SSL Certificate

$ cd /opt/letsencrypt

$ ./certbot-auto certonly --standalone -d example.com -d www.example.com

example.com is your domain name!!!! /etc/letsencrypt/live/ will save the pem.
5.Generate Strong Diffie-Hellman Group

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

This may take a few minutes but when it's done you will have a strong DH group at /etc/ssl/certs/dhparam.pem.
6.Configure TLS/SSL on Web Server (enter Nginx nginx.conf) add,

listen 443;
ssl on;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

7.setup auto renew

crontab -e
29 2 * * 1 /etc/init.d/nginx stop
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
31 2 * * 1 /etc/init.d/nginx start
最后修改:2018 年 01 月 11 日
如果觉得我的文章对你有用,请随意赞赏