证书申请成功后,会在/etc/letsencrypt/live/proxy.cloudbypass.com/目录下生成证书文件
certbot certonly --webroot -w /var/www/jenkins.zoowayss.top -d jenkins.zoowayss.top
certbot certonly --webroot -w /usr/share/nginx/www/admin.fastip.io -d admin.fastip.io
certbot certonly --webroot -w /var/www/yourdomain.cn -d console.yourdomain.cn
强制更新证书
certbot renew --force-renewal
强制更新脚本
#!/bin/bash
# filename: /home/renew.sh
certbot renew --force-renewal >> /var/log/certbot.log 2>&1
nginx -s reload
定时任务,每个月1号0点0分执行
# filename: /etc/cron.d/certbot
crontab -e
0 0 1 * * root /home/renew.sh
nginx 配置
server {
listen 80;
listen [::]:80;
server_name yourdomain.cn;
root /opt/front/web/dist;
# ssl证书认证路由
location ^~ /.well-known/acme-challenge/ {
root /var/www/yourdomain.cn;
}
# Redirect HTTP to HTTPS
location / {
return 301 https://$host$request_uri;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# HTTPS server
server {
listen 443 ssl;
server_name yourdomain.cn; # 替换为你的域名
# 证书路径
ssl_certificate /etc/letsencrypt/live/salesea.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/salesea.cn/privkey.pem;
location / {
root /opt/front/salesea-web/dist;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /api {
rewrite ^/api(.*)$ $1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
}
}