Using Certbot on CentOS 7 to configure Nginx to serve a wildcard domain over HTTPS. As an example, we request a wildcard certificate for zqyu.com.

1. Install Certbot

$ sudo yum install python2-certbot-nginx

2. Generate a certificate

$ certbot certonly --manual -d zqyu.com -d '*.zqyu.com' --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

The following error may occur during installation:

ImportError: No module named 'requests.packages.urllib3'

To fix it, reinstall the affected packages:

$ pip uninstall requests
$ pip uninstall urllib3
$ yum remove python-urllib3
$ yum remove python-requests
$ yum install python-urllib3
$ yum install python-requests
$ yum install certbot

Run the certificate generation command again, fill in the requested information as prompted, and add the TXT record it asks for in your domain's DNS settings:

Please deploy a DNS TXT record under the name
_acme-challenge.[your domain name] with the following value:

Lagfse1_ml8l2t35guyw1iq-hz8dncqukxd131fzq3w [this is the token generated during installation]

Before continuing, verify the record is deployed.
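The prompt above asks you to verify the record before continuing. The script below is an added example, not part of the original article: it checks each authoritative name server for every expected value, which matters here because requesting both zqyu.com and *.zqyu.com makes Certbot ask for two TXT values under the same _acme-challenge name, and both must be published at the same time. The function names and sample tokens are constructed for illustration, and dig (from bind-utils) is assumed to be installed.

```sh
#!/bin/sh
# Added example: check ACME dns-01 TXT values before continuing in Certbot.
# Assumes `dig` (bind-utils on CentOS) is installed. Function names are ours.

# Constructed sample of `dig +short TXT _acme-challenge.<domain>` output:
# one record per line, each value wrapped in double quotes.
SAMPLE_DIG_OUTPUT='"constructed-token-for-apex-0000000000000000001"
"constructed-token-for-wildcard-000000000000002"'

# txt_values_present DIG_OUTPUT TOKEN...
# Returns 0 only if every TOKEN appears as a complete record value.
txt_values_present() {
    dig_output=$1; shift
    missing=0
    for token in "$@"; do
        # -x whole-line match, -F literal string (tokens are not regexes)
        if ! printf '%s\n' "$dig_output" | grep -qxF -e "\"$token\""; then
            echo "missing TXT value: $token" >&2
            missing=1
        fi
    done
    return "$missing"
}

# check_challenge DOMAIN TOKEN...
# Asks each authoritative name server directly, so a cached answer on a
# recursive resolver cannot mask a record that is not published everywhere.
check_challenge() {
    domain=$1; shift
    rc=0; seen=0
    for ns in $(dig +short NS "$domain"); do
        seen=1
        answer=$(dig +short TXT "_acme-challenge.$domain" "@$ns")
        if txt_values_present "$answer" "$@"; then
            echo "ok: $ns"
        else
            echo "not ready: $ns" >&2
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no NS records for $domain" >&2; return 2; }
    return "$rc"
}

# Usage: sh check_txt.sh zqyu.com <first token> <second token>
if [ "$#" -ge 2 ]; then
    check_challenge "$@"
fi
```

Press Enter at the Certbot prompt only after every name server reports ok for both values.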

If the certificate is issued successfully, the following message is displayed:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[Your domain name]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[Your domain name]/privkey.pem
   Your cert will expire on 2019-01-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

3. Configure certificates in nginx

server {
    listen 80;
    server_name [your domain name];
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name [your domain name];
    ssl_certificate /etc/letsencrypt/live/[your domain name]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[your domain name]/privkey.pem;
    root [the root of your website];

    location / {
        access_log off;
    }
}

Reload the nginx configuration:

$ nginx -s reload

4. Automatically update certificates

The Let’s Encrypt certificate is valid for 90 days, after which it must be renewed.

5. Uninstall

$ yum remove certbot python2-certbot-nginx
$ yum autoremove