SSL
# 注册/生成ssl证书
- Download the Let’s Encrypt Client
apt-get update
sudo apt-get install certbot
apt-get install python3-certbot-nginx
#apt-get install python-certbot-nginx
1
2
3
4
2
3
4
- Set Up NGINX
certbot can automatically configure NGINX for SSL/TLS. It looks for and modifies the server block in your NGINX configuration that contains a server_name directive with the domain name you’re requesting a certificate for. In our example, the domain is www.example.com.
Assuming you’re starting with a fresh NGINX install, use a text editor to create a file in the
/etc/nginx/conf.ddirectory nameddomain‑name.conf(so in our example,www.example.com.conf).Specify your domain name (and variants, if any) with the server_name directive:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name example.com www.example.com;
}
1
2
3
4
5
6
2
3
4
5
6
- Save the file, then run this command to verify the syntax of your configuration and restart NGINX:
nginx -t && nginx -s reload
1
- Obtain the SSL/TLS Certificate
- Run the following command to generate certificates with the NGINX plug‑in:
sudo certbot --nginx -d example.com -d www.example.com
1
# 设置过期自动更新ssl证书
使用crontab设定定时更新查询任务
docker容器内安装crontab
apt-get -y install -qq --force-yes cron
# yum install -y -qq --force-yes cron
1
2
2
crontab使用概览 (opens new window)
设置定时任务
crontab -e
0 12 * * * /usr/bin/certbot renew --quiet
1
2
2
编辑 (opens new window)