昨天花了一些时间将之前的Ghost博客改用灵活强大的Gatsby重新搭建,顺带启用了HTTPS。HTTPS使用的是Let’s Encrypt提供的免费方案。具体的配置步骤如下:
Nginx
和CentOS 6
以我的选择为例,上面第三步需要执行的命令如下:
# 下载
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
# 更改nginx配置
sudo ./certbot-auto --nginx
在执行最后一条命令的时候报了如下错误:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
Google后在certbot仓库的issue下面找到了解决办法。报错是因为找不到nginx,配置一下软链即可:
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
ln -s /usr/local/nginx/conf/ /etc/nginx
然后重新执行:
sudo ./certbot-auto --nginx
免费的certbot证书90天会过期,所以可以通过crontab -e
去定时更新,相关配置如下(每月都强制更新一次):
# 注意:请使用自己的certbot-auto目录
0 0 1 * * /home/certbot-auto renew --force-renewal
5 0 1 * * nginx -s reload