{"id":64,"date":"2025-01-08T21:11:33","date_gmt":"2025-01-08T13:11:33","guid":{"rendered":"https:\/\/www.handytoo.com\/?p=64"},"modified":"2025-01-08T21:11:33","modified_gmt":"2025-01-08T13:11:33","slug":"ubuntu%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9fnginx%e4%bd%bf%e7%94%a8lets-encrypt%e7%94%b3%e8%af%b7%e5%92%8c%e4%bd%bf%e7%94%a8https%e6%b5%81%e7%a8%8b","status":"publish","type":"post","link":"http:\/\/www.handytoo.com\/?p=64","title":{"rendered":"Ubuntu\u64cd\u4f5c\u7cfb\u7edfnginx\u4f7f\u7528let\u2018s Encrypt\u7533\u8bf7\u548c\u4f7f\u7528https\u6d41\u7a0b"},"content":{"rendered":"\n<p>Let\u2019s Encrypt\u662f\u4e00\u4e2a\u975e\u76c8\u5229\u7684\uff0c\u514d\u8d39\u7684CA\uff0c\u53ef\u4ee5\u63d0\u4f9b\u514d\u8d39HTTPS\u8ba4\u8bc1\u670d\u52a1\u3002 \u63d0\u4f9b\u4e86\u4e00\u5957\u5b8c\u6574\u7684\u5de5\u5177\uff0c\u57fa\u4e8e\u8fd9\u5957\u5de5\u5177\uff0c\u6211\u4eec\u53ef\u4ee5\u514d\u8d39\u6765\u642d\u5efaHTTPS\u7f51\u7ad9\u3002\u00a0<\/p>\n\n\n\n<p>1 \u5b89\u88c5Certbot<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt-get install certbot python3-certbot-nginx -y<\/code><\/pre>\n\n\n\n<p>2 \u7533\u8bf7\u8bc1\u4e66<\/p>\n\n\n\n<p>\u6bcf\u4e2a-d\u540e\u9762\u662f\u4e00\u4e2a\u57df\u540d<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot certonly --nginx --email email@example.com --agree-tos -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n<p>\u7533\u8bf7\u6210\u529f\u540e\u8bc1\u4e66\u7684\u4fdd\u5b58\u76ee\u5f55\uff1a\/etc\/letsencrypt\/live\/example.com\/<\/p>\n\n\n\n<p>3  \u4fee\u6539nginx\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n<p>\u5728server {} \u5185\u589e\u52a0https\u914d\u7f6e<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>listen 443 ssl http2;\nssl_certificate \/etc\/letsencrypt\/live\/example.com\/fullchain.pem; \nssl_certificate_key \/etc\/letsencrypt\/live\/example.com\/privkey.pem; \nssl_ecdh_curve X25519:secp384r1; \nssl_session_cache shared:SSL:50m; \nssl_session_timeout 1440m; \nssl_session_tickets off; \nssl_protocols TLSv1.2 TLSv1.3; \nssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; \nssl_stapling on; \nssl_stapling_verify on; \nssl_trusted_certificate \/etc\/letsencrypt\/live\/example.com\/chain.pem; \nadd_header Strict-Transport-Security \"max-age=31536000; preload\";<\/code><\/pre>\n\n\n\n<p>4 \u91cd\u8f7dnginx\u914d\u7f6e<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl reload nginx<\/code><\/pre>\n\n\n\n<p>5 \u68c0\u67e5\u662f\u5426\u81ea\u52a8\u542f\u52a8\u66f4\u65b0<\/p>\n\n\n\n<p>\u8bc1\u4e66\u6709\u6548\u671f\u4e3a90\u5929\uff0c\u76ee\u524dcertbot\u5de5\u5177\u6bcf\u5929\u68c0\u67e5\u4e24\u6b21\uff0c\u5728\u5c0f\u4e8e30\u5929\u7684\u65f6\u5019\u4f1a\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66\u3002\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u53ef\u4ee5\u770b\u5230\u8fd0\u884c\u72b6\u6001\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status certbot.timer<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s Encrypt\u662f\u4e00\u4e2a\u975e\u76c8\u5229\u7684\uff0c\u514d\u8d39\u7684CA\uff0c\u53ef\u4ee5\u63d0\u4f9b\u514d\u8d39HTTPS\u8ba4\u8bc1\u670d\u52a1\u3002 \u63d0\u4f9b\u4e86\u4e00\u5957\u5b8c\u6574\u7684\u5de5\u5177\uff0c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[23],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux"],"_links":{"self":[{"href":"http:\/\/www.handytoo.com\/index.php?rest_route=\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.handytoo.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.handytoo.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.handytoo.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.handytoo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=64"}],"version-history":[{"count":1,"href":"http:\/\/www.handytoo.com\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":65,"href":"http:\/\/www.handytoo.com\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions\/65"}],"wp:attachment":[{"href":"http:\/\/www.handytoo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.handytoo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.handytoo.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}