一、Ubuntu安装

# Install Certbot and its nginx plugin from the Ubuntu package repositories.
# The plugin (python3-certbot-nginx) is only needed for `certbot --nginx`;
# the certonly --standalone step on this page does not use it.
sudo apt install certbot python3-certbot-nginx

二、仅获取证书

# Obtain a certificate for xigk.com without modifying any web server config.
# --standalone makes Certbot start its own temporary web server to answer the
# ACME HTTP-01 challenge, so TCP port 80 must be free on this host and
# reachable from the Internet while the command runs.
# The issued files are the ones the nginx block on this page references under
# /etc/letsencrypt/live/xigk.com/.
sudo certbot certonly --standalone -d xigk.com

配置nginx

# HTTPS virtual host for xigk.com, serving files from the site root with the
# certificate issued by Certbot.
# NOTE(review): no port-80 listener or HTTP-to-HTTPS redirect is defined in
# this block; confirm whether plain-HTTP requests are handled elsewhere.
server {
    listen 443 ssl ;
    # NOTE(review): the standalone "http2" directive is, as far as I know, only
    # accepted by nginx 1.25.1 and later; older builds use
    # "listen 443 ssl http2;". Check `nginx -v` and run `nginx -t` before reloading.
    http2 on;
    server_name xigk.com;
    
    # TLS certificate and private key: both paths point at the files Certbot
    # maintains. The live/ entries are symlinks that Certbot repoints on
    # renewal, so nginx only needs a reload to pick up a renewed certificate.
    ssl_certificate /etc/letsencrypt/live/xigk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xigk.com/privkey.pem;
    
    # Recommended TLS hardening.
    # Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are refused.
    ssl_protocols TLSv1.2 TLSv1.3;
    # ECDHE key exchange with AES-GCM only (forward secrecy, AEAD ciphers).
    # NOTE(review): with OpenSSL this list governs TLS 1.2 suites; TLS 1.3
    # suites are presumably left at the library defaults. Confirm if that matters.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    # The client's cipher preference order is honoured; acceptable here because
    # every suite in the list above is a strong one.
    ssl_prefer_server_ciphers off;
    # TLS session cache named "SSL", 10 MB, shared by all worker processes.
    ssl_session_cache shared:SSL:10m;
    # Cached sessions may be resumed for up to one day.
    ssl_session_timeout 1d;
    
    # Site document root.
    root /www/wwwroot/xigk.com;
    # NOTE(review): index.php is listed, but this block has no location that
    # hands .php requests to a PHP backend. As written, .php files under the
    # root would be returned as static content, disclosing their source. Add a
    # PHP handler or drop index.php if the site is static.
    index index.html index.htm index.php;
    
}

三、添加定时任务（下面的命令只是续期演练，本身不会创建定时任务）

# Rehearse renewal of every certificate Certbot manages; --dry-run does not
# save any certificate to disk.
# NOTE(review): per Certbot's documentation, --deploy-hook commands are not
# called during --dry-run, so this run does not reload nginx. The command
# also does not create a cron job or timer.
# NOTE(review): Ubuntu's certbot package normally ships its own scheduled
# renewal (certbot.timer); verify with `systemctl list-timers`. For real
# renewals, confirm the reload hook is actually in place, e.g. as an
# executable script under /etc/letsencrypt/renewal-hooks/deploy/.
# NOTE(review): the certificate was issued with --standalone, so renewal
# presumably needs port 80 free at renewal time as well. Confirm.
sudo certbot renew --dry-run --deploy-hook "/etc/init.d/nginx reload"
