Shulou(Shulou.com)06/01 Report--

In this article, the editor introduces in detail "how to build a HTTPS website in Let's Encrypt". The content is detailed, the steps are clear, and the details are handled properly. I hope this article "how to build a HTTPS website in Let's Encrypt" can help you solve your doubts.

Environment

CentOS7.3,Nignx,Let's Encrypt of Ali CVM is used as a free HTTPS certificate.

Installation

1. Server open port: 443Power80 (both the server firewall and the Aliyun console should open these two ports. If the domain name is not set later, it will report an error that the connection domain name timed out.)

2. Install a nginx and test whether it is accessible. Visit a home page and try it.

3. When we are ready, we will start the installation and get the certificate from the server:

$git clone https://github.com/letsencrypt/letsencrypt.git$ cd letsencrypt $sudo. / letsencrypt-auto certonly

According to the wizard, choose standalone mode to fill in your email domain name and so on.

4. Then we can see the privkey.pem and fullchain.pem files under / etc/letsencrypt/live/mydomain

Configuration

5. We modify the nginx configuration file, block the http configuration file, and set the https configuration file to support https protocol. The default nginx configuration file path / etc/nginx/nginx.conf:

Server {listen 443 ssl http2 default_server;listen [:]: 443 ssl http2 default_server;server_name www.linuxidc.com;root / usr/share/nginx/html;ssl_certificate "/ etc/letsencrypt/live/www.linuxidc.com/fullchain.pem"; ssl_certificate_key "/ etc/letsencrypt/live/www.linuxidc.com/privkey.pem"; ssl_session_cache shared:SSL:1m;ssl_session_timeout 10m # Load configuration files for the default server block.include / etc/nginx/default.d/*.conf;location / {} location ~\. Php$ {root / usr/share/nginx/html;fastcgi_pass 127.0.0.1 location 9000X fastcgival index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;} error_page 404 / 404.htmltransferlocation = / 40x.html {} error_page 500502503504 / 50x.htmltransferlocation = / 50x.html {}

In fact, there is a template for https behind the nginx configuration file, which is blocked by default.

Visit

6. Then we restart nginx,systemctl stop nginx.service and systemctl start nginx.service. It is not possible to access a certain page of the website with http protocol, but successfully access it with https protocol. Https://www.linuxidc.com/indexs.html

7. Before, we shielded the configuration of http for fear of conflicts. Now we want to automatically jump to https when accessing http. For example, if we access baidu.com, we will automatically jump to https://www.baidu.com.

Let's add another server to realize the jump.

Server {listen 80th serverroomname www.linuxidc.com;return 301 https://$host$request_uri;}

Then restart nginx

8. Finally, let's take a look at the issued certificate. Right-click-> check-> security- > View certificate. Let's see that the certificate is valid for 3 months. Letsencrypt supports obtaining the certificate automatically, that is, you can set it to request a new certificate automatically before the certificate expires, for example, one month, so that we do not have to worry about the certificate invalidation in the future.

9. To update the certificate regularly, we can use the timer crontab that comes with linux

$crontab-e

Enter:

30 2 1 * / usr/bin/certbot renew > > / var/log/le-renew.log35 2 1 * * / usr/bin/systemctl reload nginx

Keep exiting, which means that the certificate is automatically updated at 02:30 on the 1st of each month, and the nginx is reloaded at 02:35 on the 1st of every month.

After reading this, the article "how to build a HTTPS website in Let's Encrypt" has been introduced. If you want to master the knowledge points of this article, you still need to practice and use it yourself. If you want to know more about related articles, welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.