1. 安装certbot客户端
cd /usr/local/bin
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
2. 创建目录和配置nginx用于验证域名
mkdir -p /data/www/letsencryptserver {listen 80;server_name ~^(?<subdomain>.+).ninvfeng.com;location /.well-known/ {root /data/www/letsencrypt;allow all;}location / {return 301 https://$subdomain.ninvfeng.com$request_uri;}}3. 生成证书
certbot-auto certonly --webroot -w /data/www/letsencrypt -d jianli.ninvfeng.com
4. 配置nginx https
server {listen 443;server_name jianli.ninvfeng.com;root /data/www/jianli;location / {index index.php index.html;}location ~ \.php$ {fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;}if (!-e $request_filename) {rewrite ^/(.*) /index.php?$1 last;}ssl on;ssl_certificate /etc/letsencrypt/live/jianli.ninvfeng.com/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/jianli.ninvfeng.com/privkey.pem;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;
}该方法生成的证书有效期为90天, 在到期前我们需要执行以下命令更新证书
certbot-auto renew0 0 1 * * certbot-auto renew --quiet --renew-hook "nginx -s reload"
![[数据结构]插入和希尔排序](https://img-blog.csdnimg.cn/direct/4178a8c92ab44a49b688378c0b8a9bf5.png)
