certbot

certbot 是个自动签发 HTTPS 证书的 bot

安装 #

sudo pacman -S certbot
sudo pacman -S certbot-nginx

使用 #

先检查 nginx 有没有错误,没有报错才可以运行

nginx -t

没有报错则继续

certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly

位置 #

Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/DOMAIN/privkey.pem

自动更新 #

sudo vim /etc/systemd/system/letsencrypt.service
[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service
sudo vim /etc/systemd/system/letsencrypt.timer
[Unit]
Description=Monthly renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target

开机自启

sudo systemctl enable letsencrypt.timer
sudo systemctl start letsencrypt.timer