根據此文章，此流程有做過簡化這邊使用 Webroot 來抓取憑證

這邊假設要加入 abc.statementdog.com 的憑證， Nginx 設定檔放置於 /etc/nginx/site-available/abc.statementdog.com 根目錄為 /your/abc.statementdog.com/root/path

安裝 Let's Encryption Client (certbot)

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/
sudo chmod a+x /usr/local/bin/certbot-auto

產生憑證 ( 以 abc.statementdog.com 為例)

先檢查是否有開啟 /.well-known 檢視權限

# vim /etc/nginx/site-available/abc.statementdog.com
server {

  location ~ /.well-known {
    allow all;
  }

}

開始產生憑證

certbot certonly -a webroot --webroot-path=/var/www/html --rsa-key-size 4096 -d abc.statementdog.com

若是沒有錯誤的話，會產生四個檔案，放置於 /etc/letsencrypt/live/abc.statementdog.com

cert.pem: Your domain’s certificate
chain.pem: The Let’s Encrypt chain certificate
fullchain.pem: cert.pem and chain.pem combined
privkey.pem: Your certificate’s private key

設定 Nginx

修改 Nginx 設定檔

# vim /etc/nginx/site-available/abc.statementdog.com
ssl on;
ssl_certificate /etc/letsencrypt/live/abc.statementdog.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/abc.statementdog.com/privkey.pem;

測試 Nginx 設定語法是否正確

sudo nginx -t

若是Nginx設定沒有問題，重新載入Nginx

sudo service nginx reload

自動更新

30 3 * * 1 /usr/local/bin/certbot-auto renew
35 3 * * 1 /etc/init.d/nginx reload

maxmilian/Let's Encryption.md

安裝 Let's Encryption Client (certbot)

產生憑證 ( 以 abc.statementdog.com 為例)

設定 Nginx

自動更新