升东运维是一家专业从事Linux/Freebsd Unix/Windows平台网站维护业务的公司,专业提供Linux(CentOS Redhat Ubuntu等),Unix(Freebsd),Nginx,Apache等系统及网站维护,七年从业经验

freebsd下配置lets-encrypt ssl证书第二种方式

1.先配置好nginx well-known访问

server { 
 ...
 location /.well-known/ {
 alias /wwwroot/ppkj.net/.well-known/;
 }
 ...
}

 

2.安装git ,安装virtualenv, 安装python(如果没有),邮箱和域名改成自己的

cd /usr/ports/devel/git && make install clean

git clone https://github.com/letsencrypt/letsencrypt  /disk/letsencrypt

cd /usr/ports/devel/py-virtualenv && make install clean

cd /disk/letsencrypt

./letsencrypt-auto certonly –webroot -w /wwwroot/ppkj.net/ -d www.ppkj.net –email [email protected] –agree-tos –no-bootstrap

 

3.配置证书 ,生成后的key和密钥位置/etc/letsencrypt/live/www.ppkj.net/

server { 
 listen 443 ;
 ssl on;
 ssl_certificate /etc/letsencrypt/live/www.ppkj.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/www.ppkj.net/privkey.pem;
... 
}

4. 重启nginx即可

自动续期命令:(自行添加到计划任务)

/disk/letsencrypt/letsencryptauto renew 

Leave a Reply