Let’s Encrypt试用

Let’s Encrypt项目意在让每个网站都能使用HTTPS加密的连接,有空之余测试一下免费ssl

1、安装git

apt-get install git

2、下载代码

git clone https://github.com/letsencrypt/letsencrypt.git

3、生成证书,nginx用  –standalone   apache 用 –apache 参数

./letsencrypt-auto –standalone -d www.maildir.cn

如果你收到下面的信息,说明安装成功了

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.maildir.cn/fullchain.pem. Your cert will
expire on 2016-03-24. To obtain a new version of the certificate in
the future, simply run Let’s Encrypt again.
– If you like Let’s Encrypt, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

4、nginx 配置

server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.maildir.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.maildir.cn/privkey.pem;

…..

}

大功告成,另外证书有效期90天,过期了还得去重新申请QQ图片20151225094132