安装certbot
yuminstall certbot -y
申请ssl
sudocertbotcertonly-dkg.tycomoe.xyz-dkg.tycomoe.xyz
输入选择1临时web服务,输入邮箱按照我的输入即可
最后成功创建ssl证书,这是证书路径
把证书目录配置到nginx文件中
usernginx nginx;worker_processes1;events{worker_connections1024;}http{includemime.types;default_typeapplication/octet-stream;sendfileon;keepalive_timeout65;log_formathua'[$time_iso8601] - [$remote_addr] - [$status] - [$request] - [$request_completion] - [$request_time] - [$request_body] ';server{listen80;server_namelocalhost; }server{listen443ssl;server_namelocalhost;ssl_certificate/etc/letsencrypt/live/域名/fullchain.pem;ssl_certificate_key/etc/letsencrypt/live/域名/privkey.pem;ssl_session_timeout10m;ssl_ciphersECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocolsTLSv1 TLSv1.1TLSv1.2;ssl_prefer_server_cipherson;location/ {roothtml;indexindex.html index.htm; }}}
设置定时自动续期
00***"systemctl stop nginx ; /bin/certbot renew ; systemctl restart nginx"