網站用上了letsencrypt的免費ssl證書

藉助於SSL For Free,可以快速申請Let's Encrypt的SSL證書,然後複製到Vesta Panel中就OK啦,非常方便。實在太簡單啦,所以沒什麼可寫的。證書有效期三個月,快過期時可再次免費更新。

nginx中將http重定向到https,可以在配置文件中這樣設置:

server {
    listen      80;   #listen for all the HTTP requests
    server_name example.com www.example.com;
    return      301         https://www.example.com$request_uri;
}

SSL For Free的證書直接用在nginx上

Certificate Successfully Generated後,下載生成的證書,合併certificate.crt和ca_bundle.crt

cat certificate.crt >> bundle.crt
printf "\n" >> bundle.crt
cat ca_bundle.crt >> bundle.crt

nginx的配置可以這樣寫

server {
    listen 192.111.111.111:443 ssl;
    server_name ft.wupo.info;

    ssl_certificate     /etc/letsencrypt/42/bundle.crt;
    ssl_certificate_key /etc/letsencrypt/42/private.key;
    ssl_protocols	TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

你的電子郵件位址並不會被公開。 必要欄位標記為 *