Certbot

来自MalacoKnowledge

certbot 是个自动签发 HTTPS 证书的 bot

安装

# pacman -S certbot
# pacman -S certbot-nginx

使用

先检查 nginx 有没有错误,没有报错才可以运行

$ nginx -t

没有报错则继续

$ certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly

位置

Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/DOMAIN/privkey.pem

自动更新

# vim /etc/systemd/system/letsencrypt.service
[Unit]

Description=Let's Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos


ExecStartPost=/bin/systemctl reload nginx.service
# vim /etc/systemd/system/letsencrypt.timer
[Unit]

Description=Monthly renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=daily
Persistent=true

[Install]


WantedBy=timers.target

开机自启

# systemctl enable letsencrypt.timer

  1. systemctl start letsencrypt.timer
取自“https://knwl.malacology.net/index.php?title=Certbot&oldid=28