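# Step-by-step notes: issue a Let's Encrypt certificate with certbot (webroot
# mode) and enable TLS in nginx. Run the steps one at a time as root; steps 2
# and 4 print nginx snippets that have to be pasted into the site's server
# block by hand before the command that follows them is run.

# Placeholders -- replace both before running anything.
WEBROOT=/path/to/site/root   # placeholder: document root of the site
DOMAIN=your.domain.com       # placeholder: domain the certificate is issued for

# 1. Install certbot (it is packaged in EPEL on yum-based systems).
yum install epel-release
yum install certbot

# 2. Configure nginx: add these locations to the config of the site that needs
#    the certificate. The first serves the ACME HTTP-01 challenge files that
#    certbot writes under the webroot; the second answers 404 for the bare
#    directory so it cannot be listed.
cat <<EOF
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root ${WEBROOT};
}
location = /.well-known/acme-challenge/ {
    return 404;
}
EOF
# Validate the edited config first so a typo does not break the reload.
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload

# 3. Request the certificate. certbot asks for a contact e-mail address, and
#    the domain must already point at this server in DNS, otherwise the
#    challenge cannot be validated.
certbot certonly --webroot -w "$WEBROOT" -d "$DOMAIN"

# 4. Once the certificate is issued, add the TLS settings to the server block.
#    privkey.pem is the private key: leave it where certbot put it, readable
#    by root only, and never copy it under the webroot.
cat <<EOF
#----------------------ssl config-----------------------
# "ssl on;" from the original notes is deprecated (nginx 1.15.0) and removed
# (nginx 1.25.1). If the server block already has a listen line for 443, add
# the ssl flag to that line instead of adding a second listen.
listen 443 ssl;
# Not nginx directives (they look like lighttpd options); kept commented out.
#ssl.engine enable;
#ssl.ca-file /usr/local/nginx/cert/ca-bundle.pem;
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
# Only consulted for OCSP-response / client-certificate verification; it is
# not sent to clients and has no effect unless one of those is enabled.
ssl_trusted_certificate /etc/letsencrypt/live/${DOMAIN}/chain.pem;
# The original commented-out line listed SSLv3, TLSv1 and TLSv1.1; those must
# stay disabled. Drop TLSv1.3 if this nginx/OpenSSL build rejects it.
ssl_protocols TLSv1.2 TLSv1.3;
# Note: !DH and !EDH delete every DHE suite, so the EDH+AESGCM and AES256+EDH
# entries never take effect, and +MEDIUM only reorders suites, it adds none.
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
# Make the server's cipher order above the one that is actually used.
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
EOF

# After pasting the snippet, validate and reload nginx again as in step 2.
# Let's Encrypt certificates are short-lived, so schedule renewal, e.g. from
# cron:
#   certbot renew --deploy-hook "/usr/local/nginx/sbin/nginx -s reload"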