Ubuntu 16.04——配置Nginx及Https服务

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

sudo certbot --nginx

此命令将自动获取证书并且Certbot会编辑Nginx配置并完成所有工作，
只需在命令运行期间根据命令的提示输入你要配置SSL的域名即可。

如果想自定义Nginx配置，则使用certonly子命令即可。

sudo certbot --nginx certonly

. . .
server_name example.com www.example.com;
. . .

sudo nginx -t

sudo systemctl restart nginx

sudo certbot --nginx -d 自己的域名

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
expire on 2017-10-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
“certonly” option. To non-interactively renew all of your
certificates, run “certbot renew”

Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Certbot提供的证书期限为90天，执行此命令可自动续订证书。

sudo certbot renew --dry-run