Using Certbot on CentOS 7 to configure Nginx to serve HTTPS for a wildcard domain. As an example, we apply for a wildcard certificate for zqyu.com.
1. Install Certbot
$ sudo yum install python2-certbot-nginx
2. Generate a certificate
$ certbot certonly --manual -d zqyu.com -d '*.zqyu.com' --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
If the following error occurs during installation:
ImportError: No module named 'requests.packages.urllib3'
remove and reinstall the affected packages:
$ pip uninstall requests
$ pip uninstall urllib3
$ yum remove python-urllib3
$ yum remove python-requests
$ yum install python-urllib3
$ yum install python-requests
$ yum install certbot
Run the certificate generation command again, fill in the information as prompted, and add the TXT record it shows to the DNS records of your domain:
Please deploy a DNS TXT record under the name
_acme-challenge.[your domain name] with the following value:

Lagfse1_ml8l2t35guyw1iq-hz8dncqukxd131fzq3w
[this is the token generated during installation]

Before continuing, verify the record is deployed.
If the certificate is issued successfully, the following message is displayed:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[Your domain name]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[Your domain name]/privkey.pem
   Your cert will expire on 2019-01-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
3. Configure certificates in nginx
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name [your domain name];
    return 301 https://$server_name$request_uri;
}

# HTTPS server using the certificate and key issued by Certbot
server {
    listen 443 ssl;
    server_name [your domain name];
    ssl_certificate /etc/letsencrypt/live/[your domain name]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[your domain name]/privkey.pem;
    root [the root of your website];
    location / {
        access_log off;
    }
}
Reload the nginx configuration:
$ nginx -s reload
4. Automatically update certificates
A Let's Encrypt certificate is valid for 90 days, after which it has to be issued again.
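To keep track of the 90-day validity, the following added example (not part of the original guide) reports how many days remain on the issued certificate and flags it once it enters a renewal window. It assumes GNU date (as on CentOS 7) and openssl; the function names and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes GNU date (CentOS 7)
# and openssl; the function names and the 30-day window are assumptions.
RENEW_BEFORE_DAYS=30

# days_left "<notAfter>" [now_epoch]: whole days until the notAfter date,
# negative once the certificate has expired. Returns 2 on a bad date.
days_left() {
    [ -n "$1" ] || return 2
    now=${2:-$(date -u +%s)}
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    echo $(( (end - now) / 86400 ))
}

# needs_renewal "<notAfter>" [now_epoch]: status 0 inside the renewal
# window (or already expired), 1 outside it, 2 if the date is unreadable.
needs_renewal() {
    left=$(days_left "$@") || return 2
    [ "$left" -lt "$RENEW_BEFORE_DAYS" ]
}

# cert_not_after <pem>: notAfter of the first (leaf) certificate in the file.
cert_not_after() {
    out=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 2
    echo "${out#notAfter=}"
}

# check_cert <pem>: one status line for cron or monitoring.
# Exit status: 0 = fine, 1 = renew now, 2 = certificate could not be read.
check_cert() {
    na=$(cert_not_after "$1") || { echo "UNREADABLE: $1" >&2; return 2; }
    needs_renewal "$na"
    rc=$?
    left=$(days_left "$na")
    case $rc in
        0) echo "RENEW: $1 expires $na ($left days left)"; return 1 ;;
        1) echo "OK: $1 expires $na ($left days left)"; return 0 ;;
        *) echo "UNREADABLE: $1" >&2; return 2 ;;
    esac
}

# Usage: sh check-cert.sh /etc/letsencrypt/live/[your domain name]/fullchain.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
    exit $?
fi
```

Run from cron, a non-zero exit status signals that the certificate generation step has to be repeated.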
5. Uninstall
$ yum remove certbot python2-certbot-nginx
$ yum autoremove