If you want to enable HTTPS for your site but haven't found a way to do so, Let's Encrypt is a good choice. This article describes how to configure a certificate with Let's Encrypt so that you can easily enable HTTPS on your site. Letsencrypt.org/zh-cn/getti…
A. Steps
1. Download the Let's Encrypt project
If GitHub is slow, you can clone from a Gitee ("code cloud") mirror address instead.
git clone https://github.com/letsencrypt/letsencrypt
2. Run the following command to generate a certificate
cd letsencrypt
./certbot-auto certonly --email xxxxx@163.com --agree-tos --no-eff-email --webroot-path=/root/linge/cert -d xxxx.com -d www.xxxx.com
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Obtaining a new certificate
3. The certificate is generated successfully
4. Configure nginx
Note: Key configuration!
server {
    listen 443 ssl;
    server_name www.xxxx.com xxxx.com;
    ssl on; # key!
    # certificate chain and private key issued by certbot
    ssl_certificate /etc/letsencrypt/live/xxx.vip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.vip/privkey.pem;
    # ssl_protocols SSLv3 TLSv1.2; # key!
    #ssl_session_cache shared:SSL:1m;
    #ssl_session_timeout 5m;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    root /root/data/www/hjf_admin/dist/;
    index index.html index.htm;
    location / {
        index index.html index.htm;
        root /root/data/www/hjf_admin/dist/;
        add_header cache-control 'no-store';
    }
    access_log /root/logs/nginx/hjf_admin_access.log;
    error_log /root/logs/nginx/hjf_admin_error.log;
}
# redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name www.xxx.vip xxx.vip;
    return 301 https://$server_name$request_uri;
}
5. Verify access
1. The following error occurs:
Challenge failed for domain xxx.vip
Challenge failed for domain www.xxx.vip
Solution:
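server {
    listen 80;
    server_name www.xxxx.com xxxx.com;
    location / {
        # root / plus autoindex on exposes the whole filesystem as a browsable
        # listing; remove or narrow this block once the certificate is issued
        root /;
        autoindex on;
    }
    access_log /root/logs/nginx/hjf_admin_access.log;
    error_log /root/logs/nginx/hjf_admin_error.log;
}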
2. An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: See letsencrypt.org/docs/rate-l… Please see the logfiles in /var/log/letsencrypt for more details.
Too many failed attempts were made. Wait a while and try again.
3. After the configuration is complete, the browser reports that the site's security is out of date
Check the ssl_protocols setting (SSLv3 TLSv1.2) in the nginx configuration; in the configuration above this line is commented out:
# ssl_protocols SSLv3 TLSv1.2;
4. After the configuration is complete, the browser shows the site as insecure
Check whether the nginx configuration contains ssl on;
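
A narrower alternative to the port-80 block from problem 1, combined with the protocol setting from problem 3, as an added example that is not the author's configuration. It assumes option 3 (webroot) from the certbot menu above with the page's --webroot-path, and that the nginx worker user can read that directory.

```nginx
# Added example (not from the original article).
# Port 80: answer only the ACME HTTP-01 challenge, redirect everything else.
server {
    listen 80;
    server_name www.xxxx.com xxxx.com;

    # certbot's webroot plugin writes tokens under
    # <webroot-path>/.well-known/acme-challenge/, so only that prefix is served.
    location ^~ /.well-known/acme-challenge/ {
        root /root/linge/cert;     # the --webroot-path value used on this page
        default_type text/plain;
        autoindex off;             # never list directory contents
        try_files $uri =404;       # unknown tokens get 404, nothing else is read
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    # "listen ... ssl" enables TLS for this server; the separate "ssl on;"
    # directive is deprecated in newer nginx releases.
    listen 443 ssl;
    server_name www.xxxx.com xxxx.com;

    # certificate paths as shown on this page
    ssl_certificate     /etc/letsencrypt/live/xxx.vip/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.vip/privkey.pem;

    # SSLv3 is left out: it is broken (POODLE) and browsers reject it.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    root /root/data/www/hjf_admin/dist/;
    index index.html index.htm;

    location / {
        add_header Cache-Control 'no-store';
    }

    access_log /root/logs/nginx/hjf_admin_access.log;
    error_log /root/logs/nginx/hjf_admin_error.log;
}
```

Run nginx -t to check the syntax before reloading nginx.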