Environment

  • CentOS 7.6
  • nginx installed via yum

Download certbot

Before configuring HTTPS, make sure the website bound to the domain is reachable over HTTP. nginx should preferably have been installed via yum.

yum install -y http://mirrors.sohu.com/fedora-epel/epel-release-latest-7.noarch.rpm
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

yum install -y certbot python2-certbot-nginx

Configure and install the HTTPS certificate

certbot --nginx

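Enter the requested values at the positions shown in the screenshot, then press Enter to continue to the next step.
[Screenshot: QQ20190729-232414.png]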

Enter the number shown in front of the domain you want. Here the domain I am configuring is nide.dev, so enter 1 and press Enter to continue.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: nide.dev
2: childsay.com
3: www.childsay.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

Choose whether HTTP requests should be redirected to HTTPS: 1 means no redirect, 2 means redirect.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

After pressing Enter, the message Congratulations! You have successfully enabled https://nide.dev means HTTPS was configured successfully.

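Automatically renew the HTTPS certificate

Certificates configured through certbot are valid for 90 days, so they need to be renewed automatically before they expire.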

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | tee -a /etc/crontab > /dev/null
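
The command above uses tee -a, so running it a second time appends a duplicate entry to /etc/crontab. The following is an added example, not part of the original post: it appends the same entry only when no active certbot renew line exists. The function names (count_renew_jobs, ensure_renew_job, demo) and the sample crontab content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# RENEW_LINE is the exact entry the post appends to /etc/crontab.
RENEW_LINE="0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew"

# Print how many active (not commented-out) lines in FILE run "certbot renew".
count_renew_jobs() {
    grep -v '^[[:space:]]*#' "$1" | grep -Ec 'certbot[[:space:]]+renew' || true
}

# Append RENEW_LINE to FILE only if no active renewal entry exists yet.
ensure_renew_job() {
    if [ "$(count_renew_jobs "$1")" -gt 0 ]; then
        return 0
    fi
    # If the file does not end in a newline, add one first so the new
    # entry is not glued onto the previous line.
    if [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '%s\n' "$RENEW_LINE" >> "$1"
}

# Demo on a constructed sample crontab: one commented-out renewal entry
# and no trailing newline. Prints the number of active entries afterwards.
demo() {
    f=$(mktemp)
    printf 'SHELL=/bin/bash\n# 0 3 * * * root certbot renew' > "$f"
    ensure_renew_job "$f"
    ensure_renew_job "$f"   # second call is a no-op
    count_renew_jobs "$f"
    rm -f "$f"
}

echo "active renewal entries after two runs: $(demo)"
```

On the server, run ensure_renew_job /etc/crontab as root in place of the echo ... | tee -a line; certbot renew --dry-run then exercises the renewal path without replacing the installed certificate.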
