LetsEncrypt证书申请

  • 下载脚本文件git clone https://github.com/letsencrypt/letsencrypt
  • 配置插件支持
  • 在nginx中配置.well-known目录,后面申请证书会在这个目录写入验证信息sudo vim /etc/nginx/sites-available/default
在配置文件中添加如下信息
location ~ /.well-known {
    allow all;
}
  • 安装证书 安装证书命令如下./letsencrypt-auto certonly --webroot --webroot-path /home/lniwn/www/oaoa-blog/flask-blog/ -d oaoa.me -d blog.oaoa.me -d www.oaoa.me -d wx.oaoa.me --agree-tos --email xxxx@live.com==↑有多个二级域名一定要写全,否则Chrome访问会不识别证书==
  • 设置定时任务
  • 创建timer文件
  • 创建service文件
  • 激活systemctl enable certbot.timer
  • 启动systemctl start certbot.timer
  • 重新加载systemctl daemon-reload
  • 查看所有定时任务systemctl list-timers
vim /etc/systemd/system/certbot.timer
[Unit]
Description=certbot timer

[Timer]
OnUnitActiveSec=2months
Persistent=true
Unit=certbot.service

[Install]
WantedBy=timers.target
vim /etc/systemd/system/certbot.service
[Unit]
Description=Let's Encrypt renewal
After=network.target

[Service]
Type=oneshot
WorkingDirectory=/home/lniwn/local/certbot/
ExecStart=/home/lniwn/local/certbot/letsencrypt-auto renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service
参考页面 - qiwihui - 凹凸实验室 - ArchLinux - DigitalOcean
badge