Let’s Encrypt SSL证书

生成

yum install epel-release -y
yum install certbot -y


certbot certonly --webroot -w /home/wwwroot/bt.wktadmin.com -d bt.wktadmin.com -m w@wktadmin.com.com --agree-tos
****

nginx 配置


upstream tornadoes { server 127.0.0.1:8000; server 127.0.0.1:8002; } server { listen 80; server_name bt.wktadmin.com; return 301 https://bt.wktadmin.com$request_uri; } server { listen 443 ssl; server_name bt.wktadmin.com; ssl_certificate /etc/letsencrypt/live/bt.wktadmin.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bt.wktadmin.com/privkey.pem; location /static { root /root/tools/tornado; autoindex on; } location /.well-known { root /home/wwwroot/bt.wktadmin.com; autoindex on; } location / { proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; # 把请求方向代理传给tornado服务器,负载均衡 proxy_pass http://tornadoes; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }

自动更新

30 2 * */2 * /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx

详细:
https://juejin.im/entry/5b59c3f26fb9a04fda4e2238