配置nginx使用letsencrypt免费https证书

https://letsencrypt.org/

生成证书

certbot certonly --webroot \
-w /data/web/c4ys/frontend/web/ -d c4ys.com -d www.c4ys.com \
-w /data/web/c4ys/mobile/web/ -d m.c4ys.com

修改nginx配置

listen       443 ssl;
ssl                  on;
ssl_certificate /etc/letsencrypt/live/www.c4ys.com/fullchain.pem;     
ssl_certificate_key /etc/letsencrypt/live/www.c4ys.com/privkey.pem;
ssl_session_cache    shared:SSL:1m;
ssl_session_timeout  5m;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers  on;
error_page 497  https://$host$uri?$args;

自动更新证书

0 3 */10 * * certbot renew –quiet
0 3 */10 * * service nginx restart