安装 Certbot
# certbot is packaged in EPEL, so the EPEL repository has to be enabled first.
yum -y install epel-release
yum -y install certbot
生成证书(确保域名解析成功能访问,否则会失败):
# Issue a certificate with the webroot plugin: certbot writes a challenge file under
# the -w directory and the CA fetches it over plain HTTP (port 80).
# NOTE(review): certbot is installed on the host here, so -w must be the host path of
# the directory nginx serves as the site root; confirm it matches the container's /www mount.
certbot certonly --webroot -w /www/cqc_blog/public
# Enter the e-mail address and domain name(s) when prompted; on success certbot prints where the certificate is stored.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/chenqicheng.com/fullchain.pem #ssl_certificate
Your key file has been saved at:
/etc/letsencrypt/live/chenqicheng.com/privkey.pem #ssl_certificate_key
Your certificate will expire on 2025-06-18. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
docker-compose.yml添加映射
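# nginx service definition; the last volume entry exposes the host's certbot
# directory to the container so nginx can read the issued certificate and key.
services:
  nginx:
    build:
      context: ./services/nginx
      args:
        NGINX_VERSION: nginx:${NGINX_VERSION}
        CONTAINER_PACKAGE_URL: ${CONTAINER_PACKAGE_URL}
        NGINX_INSTALL_APPS: ${NGINX_INSTALL_APPS}
    container_name: nginx
    ports:
      - "${NGINX_HTTP_HOST_PORT}:80"
      - "${NGINX_HTTPS_HOST_PORT}:443"
    volumes:
      - ${SOURCE_DIR}:/www/:rw
      - ${NGINX_SSL_CERTIFICATE_DIR}:/ssl:rw
      - ${NGINX_CONFD_DIR}:/etc/nginx/conf.d/:rw
      - ${NGINX_CONF_FILE}:/etc/nginx/nginx.conf:ro
      - ${NGINX_FASTCGI_PHP_CONF}:/etc/nginx/fastcgi-php.conf:ro
      - ${NGINX_FASTCGI_PARAMS}:/etc/nginx/fastcgi_params:ro
      - ${NGINX_LOG_DIR}:/var/log/nginx/:rw
      # Where certbot stores the issued certificates. Mounted read-only: certbot runs
      # on the host and nginx only reads these files, so the container gets no write
      # access to the private key or the ACME account data. The whole directory is
      # mounted because live/ holds symlinks into archive/.
      - /etc/letsencrypt:/etc/letsencrypt:ro
    environment:
      TZ: "$TZ"
    restart: always
    networks:
      - default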
nginx证书:
# HTTPS virtual host for the blog. Only part of the server block appears on the page:
# no location blocks and no closing brace are shown.
server {
listen 443 ssl;
# A wildcard name matches subdomains only, not the bare chenqicheng.com.
# NOTE(review): the certificate below is stored under chenqicheng.com; every hostname
# served here has to be listed in that certificate, and a wildcard name cannot be
# issued through the webroot (HTTP-01) method. Confirm which names were requested.
server_name *.chenqicheng.com;
root /www/cqc_blog/public;
index index.php index.html index.htm;
#charset koi8-r;
# Two access_log directives at the same level both apply, so requests are still
# written to the file on the next line; the /dev/null entry is redundant.
access_log /dev/null;
access_log /var/log/nginx/nginx.cqc_blog.access.log main;
error_log /var/log/nginx/nginx.cqc_blog.error.log warn;
#error_page 404 /404.html;
# Paths as seen inside the container; they resolve only when the host's
# /etc/letsencrypt directory is mounted into it.
ssl_certificate /etc/letsencrypt/live/chenqicheng.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chenqicheng.com/privkey.pem;
检查nginx配置
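# Validate the configuration inside the container first and restart only if the
# test passes, so a broken config does not take the running site down.
# A volume newly added to docker-compose.yml takes effect only after the container
# is recreated (for example `docker-compose up -d nginx`), not after a plain restart.
docker exec nginx nginx -t && docker restart nginx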
模拟续订(测试用):
# Dry run: exercises the renewal path without replacing the saved certificates.
certbot renew --dry-run
真实续订(正式用):
# Renews certificates that are close to expiry; those not yet due are skipped.
certbot renew
定时任务自动续期
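# Run daily instead of monthly: certbot renews only certificates that are near
# expiry, and with a monthly schedule a single failed run can let the certificate lapse.
# --deploy-hook is the current name of --renew-hook; it runs only after a successful renewal.
# Output is no longer sent to /dev/null: with --quiet certbot prints errors only,
# so anything cron captures or mails signals a failed renewal.
0 3 * * * certbot renew --quiet --deploy-hook 'docker restart nginx'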