Certbot
certbot 是个自动签发 HTTPS 证书的 bot
安装
sudo pacman -S certbot sudo pacman -S certbot-nginx
使用
先检查 nginx 有没有错误,没有报错才可以运行
nginx -t
没有报错则继续
certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly
位置
Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem Key is saved at: /etc/letsencrypt/live/DOMAIN/privkey.pem
自动更新
sudo vim /etc/systemd/system/letsencrypt.service
[Unit]Description=Let's Encrypt renewal
[Service] Type=oneshot ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service
sudo vim /etc/systemd/system/letsencrypt.timer
[Unit]Description=Monthly renewal of Let's Encrypt's certificates
[Timer] OnCalendar=daily Persistent=true
[Install]
WantedBy=timers.target
开机自启
sudo systemctl enable letsencrypt.timer sudo systemctl start letsencrypt.timer