sudo snap install --classic certbot
执行sudo certbot --nginx
第一次执行需要填个邮箱来注册,所有步骤如下
// 1. 输入你的邮箱 Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): xxx@xxx.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // 2. 是否同意服务条款,输入y Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // 3. 是否同意接收推送邮件,输入y或n Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: n Account registered. Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: xxxxx.com 2: yyyyy.com // 4. 选择给nginx配置中的域名添加证书,输入序号选择,或直接回车选择所有 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): Requesting a certificate for xxxxx.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/xxxxx.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/xxxxx.com/privkey.pem This certificate expires on 2022-08-01. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for xxxxx.com to /etc/nginx/sites-enabled/xxxx Congratulations! You have successfully enabled HTTPS on xxxxx.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - // 5.结束,可直接访问https站点手动更新证书
sudo certbot renew
证书有效期为3个月,默认到期前会自动更新,修改配置后需手动更新
