Let's Encrypt - Free SSL/TLS Certificates 发表于 2018-12-15 | Chris 1. 获取证书: 先停Nginx 1 docker stop nginx 生成证书 1 ./certbot-auto certonly --standalone --email chrislu.name@gmail.com -d ichris.info -d www.ichris.info -d api.ichris.info -d console.ichris.info 创建符号链接,可选操作,建议做。因为生成证书后,复制证书麻烦,而且每次更新后都需要复制一次;配置指向/etc目录可能会没有权限,符号链接是最简单高效的办法。 1 2 ln -s /etc/letsencrypt/live/[path]/fullchain.pem /[path]/[to]/[web]/[certs]/fullchain.pem ln -s /etc/letsencrypt/live/[path]/privkey.pem /[path]/[to]/[web]/[certs]/privkey.pem 启动Nginx 1 docker start nginx 2. 更新证书: 1 certbot-auto renew --pre-hook "docker stop nginx" --post-hook "docker start nginx" 3. 添加到调度中,每周1凌晨3点检测一次 1 0 3 * * 1 /opt/service/certbot-0.28.0/certbot-auto renew --pre-hook "docker stop nginx" --post-hook "docker start nginx" 参考 [阅读全文] Let's Encrypt SSL TLS