https证书 let‘s encrypt Nginx的SSL模块配置https

官网申请免费SSL证书之let’s encrypt
https://certbot.eff.org/instructions?ws=nginx&os=centosrhel7

1.安装snapd

安装snapd
 $ sudo yum install epel-release
 $ sudo yum install snapd
 $ sudo systemctl enable --now snapd.socket
 $ sudo ln -s /var/lib/snapd/snap /snap更新至最新
 $ sudo snap install core;sudo snap refresh core
 

2.安装certbot

确保接下来的命令是最新安装的snapd，需要先删除再安装
 $ sudo yum remove certbot
 $ sudo snap install --classic certbot
 $ sudo ln -s /snap/bin/certbot /usr/bin/certbot
 

3.nginx下配置

获取证书，并自动修改nginx配置
 sudo certbot --nginx -d 域名  
 或
 获取证书，需要手动修改nginx配置
 sudo certbot certonly --nginx -d 域名
 

在执行sudo certbot --nginx -d 域名时候报错，原因是由于Nginx没有配置环境变量，用创建符号链接的方法成功解决
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
ln -s /usr/local/nginx/conf/ /etc/nginx

ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
 ln -s /usr/local/nginx/conf/ /etc/nginx
 

证书下发成功

4.测试自动续租

$ sudo certbot renew --dry-run
 如果没有错误信息，则会自动续租证书
 

The command to renew certbot is installed in one of the following locations:/etc/crontab/
 /etc/cron.*/*
 systemctl list-timers
 

备注:
certbot会自动创建续租服务

$ systemctl --type=timer | grep snap
 snap.certbot.renew.timer     loaded active waiting Tim