Linux下SSL证书申请以及配置到Nginx

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh

编辑下配置文件:

vim letsencrypt.conf

ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="域名.key"
DOMAIN_DIR="网站文件夹"
DOMAINS="DNS:域名,DNS:域名"
#ECC=TRUE
#LIGHTTPD=TRUE

运行:

./letsencrypt.sh letsencrypt.conf

运行后会生成不少文件

其中:

 www.chained.crt  域名.key

这两个是要的

 

nginx配置:

user www;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    server {
        listen       80;
        server_name  域名;　　　　　#实现自动重写
        rewrite ^(.*)$  https://$host$1 permanent;
    }
    # HTTPS server
    server {
       listen       443 ssl;
       server_name  域名;
       #charset: utf-8;
       ssl_certificate      /home/wwwroot/www.chained.crt;
       ssl_certificate_key  /home/wwwroot/域名.key;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
       location / {
            root   网站文件夹;
            index  index.html index.htm index.php;
        }
        location ~ \.php$ {
            fastcgi_buffer_size 128k;
            fastcgi_buffers 32 32k;
            root           网站文件夹;
            fastcgi_pass   unix:/tmp/php-fpm.sock;
            fastcgi_index  index.php;
            #include fastcgi.conf;
            fastcgi_param  DOCUMENT_ROOT 网站文件夹;
            fastcgi_param  SCRIPT_FILENAME  网站文件夹$fastcgi_script_name;
            include        fastcgi_params;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}