Configuring an HTTPS certificate with Let's Encrypt


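If you want to enable HTTPS on your website but have not yet found a suitable way to do it, Let's Encrypt is a good choice. This article shows how to configure a certificate with Let's Encrypt so that your site can easily enable HTTPS. letsencrypt.org/zh-cn/getti…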

I. Steps

1. Download the Let's Encrypt project

If GitHub is slow, you can use the Gitee mirror instead.

 git clone https://github.com/letsencrypt/letsencrypt

2. Run the following commands to generate the certificate

cd letsencrypt
./certbot-auto certonly --email xxxxx@163.com --agree-tos --no-eff-email --webroot-path=/root/linge/cert -d xxxx.com -d www.xxxx.com

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Obtaining a new certificate

3. The certificate is generated successfully

4. Configure nginx

Note: these are the key settings!

server {
    listen       443 ssl;
    server_name  www.xxxx.com xxxx.com;
    ssl on;  # Key! (obsolete since nginx 1.15.0, where "listen 443 ssl" above replaces it)
    ssl_certificate      /etc/letsencrypt/live/xxx.vip/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/xxx.vip/privkey.pem;
    #ssl_protocols SSLv3 TLSv1.2;  # Key!
    #ssl_session_cache    shared:SSL:1m;
    #ssl_session_timeout  5m;
    #ssl_ciphers  HIGH:!aNULL:!MD5;

    root /root/data/www/hjf_admin/dist/;
    index  index.html index.htm;

    location / {
         index  index.html index.htm;
         root /root/data/www/hjf_admin/dist/;
    }
    # Cache configuration: HTML files are not cached
    location ~* .*\.(html)$ {
        add_header Cache-Control 'no-store';
        root /root/data/www/hjf_admin/dist;
    }
    access_log /root/logs/nginx/hjf_admin_access.log;
    error_log /root/logs/nginx/hjf_admin_error.log;
 }
server {
    listen   80;
    server_name www.xxx.vip xxx.vip;
    return 301 https://$server_name$request_uri;
}

5. Visit the site to verify
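
Alongside the browser check, the configuration from step 4 can be audited offline. The following is an added example, not part of the original article: a small Python script that scans nginx configuration text for the settings the FAQ below touches on (ssl_protocols, ssl on) plus a document root of / and a certificate path that points at cert.pem instead of fullchain.pem. The function name audit_nginx_tls and the sample configuration are constructed for illustration.

```python
import re

# Protocol versions that current browsers reject or that are known to be broken.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample (not the article's config); example.test is a placeholder domain.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/example.test/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
    ssl_protocols SSLv3 TLSv1.2;
    #ssl_ciphers HIGH:!aNULL:!MD5;
}
server {
    listen 80;
    location / { root /; autoindex on; }
}
"""

def audit_nginx_tls(conf_text):
    """Return (line_number, message) findings for active directives only."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # Naive comment stripping: a commented-out directive is inactive.
        line = raw.split("#", 1)[0]
        for name, value in re.findall(r"([a-z_]+)\s+([^;{}]+);", line):
            args = value.split()
            if name == "ssl_protocols":
                legacy = [p for p in args if p in LEGACY_PROTOCOLS]
                if legacy:
                    findings.append((lineno, "legacy protocol enabled: " + ", ".join(legacy)))
            elif name == "ssl" and args == ["on"]:
                findings.append((lineno, "'ssl on' is obsolete since nginx 1.15.0; use 'listen ... ssl'"))
            elif name == "ssl_certificate" and args and args[0].endswith("/cert.pem"):
                findings.append((lineno, "leaf-only cert.pem; fullchain.pem includes the intermediate"))
            elif name == "root" and args == ["/"]:
                findings.append((lineno, "document root is the filesystem root"))
            elif name == "autoindex" and args == ["on"]:
                findings.append((lineno, "directory listing is enabled"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_nginx_tls(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

To audit a real file, pass its contents to audit_nginx_tls; directives pulled in through include are not followed.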

FAQ

1. The following error appears

Challenge failed for domain xxx.vip
Challenge failed for domain www.xxx.vip

Solution

server {
    listen       80;
    server_name  www.xxxx.com  xxxx.com;
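    # Serve only the ACME challenge directory from the webroot passed to certbot above.
    # "root /;" with "autoindex on;" would publish the whole filesystem over HTTP.
    location /.well-known/acme-challenge/ {
        root /root/linge/cert;
    }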
    access_log /root/logs/nginx/hjf_admin_access.log;
    error_log /root/logs/nginx/hjf_admin_error.log;
 }

2. An unexpected error occurred:

There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see letsencrypt.org/docs/rate-l… Please see the logfiles in /var/log/letsencrypt for more details.

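There have been too many retries; wait a while and then try again.

3. After configuration, a warning says the security is outdated

Check the following nginx setting; SSLv3 and TLSv1.2 are different.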

#ssl_protocols SSLv3 TLSv1.2;

4. After configuration, the site is still reported as not secure

Check whether the nginx configuration has the ssl on setting.

5. ascii codec can't encode characters