Let's Encrypt - Free SSL/TLS Certificates

1. Obtain the certificate:

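Stop Nginx first, because certbot's standalone mode starts its own temporary web server and needs the port Nginx is listening on.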

docker stop nginx

Generate the certificate

./certbot-auto certonly --standalone --email chrislu.name@gmail.com -d ichris.info -d www.ichris.info -d api.ichris.info -d console.ichris.info

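Create symbolic links. This step is optional but recommended: copying the certificate files after they are generated is tedious and has to be repeated after every renewal, and pointing the configuration directly at the /etc directory may fail for lack of permissions. Symbolic links are the simplest and most efficient approach.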

ln -s /etc/letsencrypt/live/[path]/fullchain.pem /[path]/[to]/[web]/[certs]/fullchain.pem
ln -s /etc/letsencrypt/live/[path]/privkey.pem /[path]/[to]/[web]/[certs]/privkey.pem

Start Nginx

docker start nginx

2. Renew the certificate:

certbot-auto renew --pre-hook "docker stop nginx" --post-hook "docker start nginx"

3. Add it to the scheduler (cron) so the check runs once a week, at 3 a.m. every Monday

0 3 * * 1 /opt/service/certbot-0.28.0/certbot-auto renew --pre-hook "docker stop nginx" --post-hook "docker start nginx"
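
A check to run after the scheduled renewal, added here as an example and not part of the original post: it confirms that the fullchain.pem / privkey.pem symlinks from step 1 still resolve, that the key matches the certificate, and that the certificate is not close to expiry. The function name check_cert_dir, its return codes and the 21-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): post-renewal check of the linked files.
# check_cert_dir DIR [MIN_DAYS]
#   DIR      directory holding the fullchain.pem / privkey.pem symlinks
#   MIN_DAYS minimum remaining validity; 21 is an assumed threshold. certbot
#            renews at 30 days before expiry by default, so with a weekly cron
#            run a healthy certificate should not get this close to expiring.
# Returns 0 ok, 2 missing or dangling link, 4 expiring within MIN_DAYS,
#         5 private key does not match the certificate.
check_cert_dir() {
    dir=$1
    min_days=${2:-21}
    for f in fullchain.pem privkey.pem; do
        # -e follows symlinks, so a link whose target is gone fails here
        if [ ! -e "$dir/$f" ]; then
            echo "missing or dangling: $dir/$f" >&2
            return 2
        fi
    done
    # openssl x509 reads the first certificate in fullchain.pem (the leaf)
    cert_pub=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match fullchain.pem in $dir" >&2
        return 5
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$dir/fullchain.pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate in $dir expires within $min_days days" >&2
        return 4
    fi
    return 0
}
```

Call it with the directory used as the link destination in step 1; a non-zero return means the weekly renewal job or the links need attention.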
