let's encrypt生成免费https证书 ubuntu+tomcat+nginx+let's encrypt

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

certbot certonly --standalone -d www.域名1.com -d www.域名2.com

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/【这里是你的域名】/fullchain.pem. Your cert will
   expire on 【这里是到期时间】. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
 
   Donating to ISRG / Let‘s Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/【这里是你的域名】/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/【这里是你的域名】/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
listen [::]:443 ssl ipv6only=on;

nginx -s reload

server {
        listen 80;
        server_name 【这里是你的域名】;
        rewrite ^(.*) https://$server_name$1 permanent;
}