欢迎访问 生活随笔!
TAG聚合

生活随笔

当前位置: 首页 >

阿里云Ubuntu 14.04 + Nginx + let's encrypt 搭建https访问

发布时间:2025/7/14 79 豆豆
生活随笔 收集整理的这篇文章主要介绍了 阿里云Ubuntu 14.04 + Nginx + let's encrypt 搭建https访问 小编觉得挺不错的,现在分享给大家,帮大家做个参考.

用云旺的做IM,ios端图片地址只能是https的才能显示,所以为服务器增加证书

Let’s Encrypt是一个免费并且开源的CA,且已经获得Mozilla、微软等主要浏览器厂商的根授信

1. 下载let's encrypt

apt-get install python-software-properties apt-get install software-properties-common sudo add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot

2.生成密钥

certbot certonly --standalone -d XXX.com

出现下面代表成功

root@iZ2zedq9lexkebewgjhhwzZ:/etc/letsencrypt# certbot certonly --standalone -d 51best.site Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for XXX.com Waiting for verification... Cleaning up challengesIMPORTANT NOTES:- Congratulations! Your certificate and chain have been saved at:/etc/letsencrypt/live/XXX.com/fullchain.pemYour key file has been saved at:/etc/letsencrypt/live/XXX.com/privkey.pemYour cert will expire on 2017-12-27. To obtain a new or tweakedversion of this certificate in the future, simply run certbotagain. To non-interactively renew *all* of your certificates, run"certbot renew"- If you like Certbot, please consider supporting our work by:Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donateDonating to EFF: https://eff.org/donate-le

默认是在 /etc/letsencrypt/live 路径下

3. 配置nginx

(1)方式一

listen 80 ;
listen 443 ssl; ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; listen [::]:443 ssl ipv6only=on;

(2)方式二

listen 443 ssl; ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; listen [::]:443 ssl ipv6only=on;

通过https访问,成功。

通过http访问,失败。错误:ERR_CONNECTION_REFUSED

重定向http访问到https

server {listen 80;server_name XXX.com;rewrite ^(.*) https://$server_name$1 permanent; }

访问http,成功

4. 重启nginx

/etc/init.d/nginx restart

http://XXX.com和https://XXX.com都可以访问

5.续期

  Let’s Encrypt 生成的免费证书为3个月时间,使用 certbot renew 可以无限免费续签 Https 证书

先关闭nginx

/etc/init.d/nginx stop certbot renew --dry-run
certbot renew

重启nginx

/etc/init.d/nginx restart

 注:

  如果遇到 [error] open() "/run/nginx.pid" failed (2: No such file or directory)

nginx -c /etc/nginx/nginx.conf

 

总结

以上是生活随笔为你收集整理的阿里云Ubuntu 14.04 + Nginx + let's encrypt 搭建https访问的全部内容,希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错,欢迎将生活随笔推荐给好友。