ubuntu 下启用 https

install

sudo apt install letsencrypt

如果 ubuntu 太老, 比如 12

sudo apt-get install git
git clone https://github.com/letsencrypt/letsencrypt

验证

注意,nginx要用默认配置

sudo vim /etc/nginx/sites-available/default

加入

location ~ /.well-known {
               allow all;
       }
sudo nginx -s reload
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d follow.center -d www.follow.center

校验完成,提示

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/follow.center/fullchain.pem. Your cert will
   expire on 2017-03-17. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

验证出错

如果针对某域名, 验证不正确时, 先配置该域名监听 80 端口, 然后选定一个路径

	server {

        listen  80;

        # listen 443 ssl http2;
        # ssl_certificate /etc/letsencrypt/live/lorstone.com/fullchain.pem;
        # ssl_certificate_key /etc/letsencrypt/live/lorstone.com/privkey.pem;
        # # 增加速度
        # ssl_session_cache shared:SSL:5m;
        # ssl_session_timeout 1h;

		server_name eleme.lorstone.com;
        location ~ /.well-known {
			root /home/bigzhu/eleme/test;
        }

sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d lorstone.com -d www.lorstone.com -d eleme.lorstone.com