$ git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
$ cd /opt/letsencrypt && ./letsencrypt-auto certonly -a manual --rsa-key-size 4096 --email admin@your-email-domain -d your-domain
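Next you will be asked to set up a validation method, for example placing a file in the web server document root so that Let's Encrypt can verify the domain really belongs to you. Once validation passes you are done, and the following information is shown: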
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to admin@your-email-domain.
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/your-domain/fullchain.pem. Your cert will
expire on 2016-04-16. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Next, let's try the nginx SSL configuration:
$ sudo vim /etc/nginx/conf.d/default.conf
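server {
    # Plain HTTP and HTTPS are served from the same server block
    listen 80;
    listen 443 ssl;
    # Certificate chain and private key saved by Let's Encrypt
    ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem;
    # Session cache shared between worker processes, 5 minute session lifetime
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Strong ciphers only; no anonymous or MD5-based suites
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    server_name localhost;
    ...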
$ sudo service nginx restart
Done.
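A tightened variant of the server block above, as an added example rather than the original post's configuration: plain HTTP gets its own block that still serves the Let's Encrypt validation file and redirects everything else to HTTPS. The document root /var/www/html, the ssl_protocols line and the HSTS header are assumptions that are not in the original.

```nginx
# Added example. your-domain is the post's placeholder;
# /var/www/html is an assumed document root.

# Port 80: answer Let's Encrypt validation requests, redirect the rest.
server {
    listen 80;
    server_name your-domain;

    # The validation file placed in the document root is fetched
    # over plain HTTP from this path, so it must not be redirected.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type text/plain;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: the TLS site itself.
server {
    listen 443 ssl;
    server_name your-domain;

    ssl_certificate     /etc/letsencrypt/live/your-domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem;

    # Assumption: TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
    # drop it from the list on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Tell browsers to use HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

Check the file with sudo nginx -t before restarting, so a syntax error does not take the running site down.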