
Let's Encrypt SSL certificate: installing Certbot

Let's Encrypt now officially recommends using certbot to install certificates.

It is a tool written in Python that can request a certificate automatically based on the HTTP site you already serve, deploy HTTPS, and renew the certificate on a schedule.

I. Installation and requesting a certificate

1.1 Prerequisites:

  • An Ubuntu server
  • A domain name

1.2 Automatic request

  • nginx already serving HTTP (port 80) normally

```shell
# Install certbot
$ snap install --classic certbot
$ ln -s /snap/bin/certbot /usr/bin/certbot

# Reads the server blocks in /etc/nginx/sites-enabled/ and requests certificates automatically
$ certbot --nginx
# If there are several server blocks, a menu appears and you can choose which server to issue a certificate for
```

1.3 Manual request

If there is no nginx `server` block serving HTTP from which the name can be detected, you can pass the email address and domain name by hand:

```shell
# Configure nginx by hand
$ certbot certonly --nginx --email youremail@email.com -d www.你的域名.com
```

1.4 Scheduled renewal

If you want certbot to run in the background and renew the certificate on a schedule:

```shell
# Dry-run the background renewal job that certbot schedules, to confirm it works
$ certbot renew --dry-run
```
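Subsections 1.2 to 1.4 are one procedure: get nginx answering on port 80, then let certbot complete the HTTP-01 challenge. The script below is an added example (not from the original post) of a pre-flight check that reproduces that challenge locally before certbot is run: it writes a throw-away token under the webroot and fetches it over plain HTTP the way the CA would. It assumes nginx serves the domain from the given webroot and that curl is installed; www.example.com and /var/www/html in the usage line are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight check for the
# HTTP-01 challenge that `certbot --nginx` relies on.

# Pure check of what the CA expects back: a 200 and the exact token as body.
# Returns 0 on success, 1 on a wrong status, 2 on a body mismatch.
verify_challenge_response() {
    expected="$1"; status="$2"; body="$3"
    [ "$status" = "200" ] || return 1
    [ "$body" = "$expected" ] || return 2
    return 0
}

# Human-readable reading of a result code, in the spirit of certbot's own hints.
explain_challenge_failure() {
    case "$1" in
        0) echo "ok: challenge path is reachable and serves the token" ;;
        1) echo "wrong HTTP status: port 80 blocked, DNS pointing elsewhere, or a deny rule on /.well-known" ;;
        2) echo "token mismatch: another host or a cached page answered for this name" ;;
        *) echo "unknown result code $1" ;;
    esac
}

# Live check against the real server (needs network; not exercised offline).
# Assumes nginx serves $domain from $webroot on port 80 and curl is installed.
http01_selfcheck() {
    domain="$1"; webroot="$2"
    token="selfcheck-$(date +%s)-$$"
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 3
    # -s silent, -m 10 s timeout, body to a temp file, only the status code on stdout
    status=$(curl -s -m 10 -o "/tmp/acme-body.$$" -w '%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$token")
    body=$(cat "/tmp/acme-body.$$" 2>/dev/null)
    rm -f "$dir/$token" "/tmp/acme-body.$$"
    verify_challenge_response "$token" "$status" "$body"
    rc=$?
    explain_challenge_failure "$rc"
    return "$rc"
}

# Usage (placeholders): http01_selfcheck www.example.com /var/www/html
```

Run the self-check from the server itself and, ideally, from a host outside the network: a 200 from localhost with a 403 or timeout from outside is exactly the situation the failure log in the next section shows.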

II. Logs

This is the log of a failed request (the domain had no ICP filing, so port 80 could not be reached):

```text
$ certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): hello@qq.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.你的域名.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for www.你的域名.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.你的域名.com
Type: unauthorized
Detail: '你的服务器IP': Invalid response from http://www.你的域名.com/.well-known/acme-challenge/xxxxx: 403

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
```
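The lines that matter in the failure above are Domain, Type and the HTTP status at the end of Detail. As an added example (not part of the original post), the snippet below pulls those fields out of certbot's output and pairs each with its usual cause, so a failed run can be triaged without reading the whole debug log. The sample output it parses is constructed, with example.com and 203.0.113.10 as placeholders; the second domain shows the connection-timeout variant of the same error block.

```shell
#!/bin/sh
# Added example, not part of the original post: triage of certbot's
# "failed to authenticate some domains" block.

# Reads certbot output on stdin and prints one line per failed domain:
#   <domain> <type> <http status or none> <likely cause>
triage_acme_failure() {
    awk '
        /^Domain:/ { domain = $2 }
        /^Type:/   { type = $2 }
        /^Detail:/ {
            # when the CA got an HTTP answer, the status code is the last field
            status = "none"
            if ($NF ~ /^[0-9][0-9][0-9]$/) status = $NF
            hint = "see /var/log/letsencrypt/letsencrypt.log"
            if (status == "403")
                hint = "challenge URL refused: port 80 filtered upstream or an nginx deny rule on /.well-known"
            else if (status == "404")
                hint = "challenge URL missing: the name is served by a different server block or webroot"
            else if (type == "dns")
                hint = "name does not resolve to this host: fix the A/AAAA record"
            else if (type == "connection")
                hint = "no answer on port 80: firewall or nginx not listening"
            print domain, type, status, hint
        }
    '
}

# Constructed sample in the shape of the output above (placeholder names and IP).
SAMPLE_FAILURE='Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.example.com
Type: unauthorized
Detail: 203.0.113.10: Invalid response from http://www.example.com/.well-known/acme-challenge/xxxxx: 403

Domain: api.example.com
Type: connection
Detail: 203.0.113.10: Fetching http://api.example.com/.well-known/acme-challenge/yyyyy: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot.

Some challenges have failed.'

# Runs the triage over the constructed sample.
demo_triage() {
    printf '%s\n' "$SAMPLE_FAILURE" | triage_acme_failure
}

# Real use: certbot --nginx 2>&1 | tee /tmp/certbot.out | triage_acme_failure
demo_triage
```

A 403 on the challenge URL, as in the log above, means something answered on port 80 but not nginx with the token: in this post's case the upstream block on an unregistered domain, in others an nginx `location` rule that denies dot-directories. Either way the fix is on the path to port 80, not in certbot.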

Once the service was reachable again, re-running the command deployed the certificate automatically:

```text
$ certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: api.你的域名.com
2: www.你的域名.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for api.你的域名.com and www.你的域名.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/api.你的域名.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/api.你的域名.com/privkey.pem
This certificate expires on 2023-10-18.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for api.你的域名.com to /etc/nginx/sites-enabled/lime
Successfully deployed certificate for www.你的域名.com to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://api.你的域名.com and https://www.你的域名.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
```

III. Excerpt from the certbot documentation

1. SSH into the server

SSH into the server running your HTTP website as a user with sudo privileges.

2. Install snapd

You’ll need to install snapd and make sure you follow any instructions to enable classic snap support.

Follow these instructions on snapcraft’s site to install snapd.


3. Remove certbot-auto and any Certbot OS packages

If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.

4. Install Certbot

Run this command on the command line on the machine to install Certbot.

```shell
sudo snap install --classic certbot
```

5. Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

```shell
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

6. Choose how you’d like to run Certbot

Either get and install your certificates…

Run this command to get a certificate and have Certbot edit your nginx configuration automatically to serve it, turning on HTTPS access in a single step.

```shell
sudo certbot --nginx
```

Or, just get a certificate

If you’re feeling more conservative and would like to make the changes to your nginx configuration by hand, run this command.

```shell
sudo certbot certonly --nginx
```

7. Test automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

```shell
sudo certbot renew --dry-run
```

The command to renew certbot is installed in one of the following locations:

  • /etc/crontab/
  • /etc/cron.*/*
  • systemctl list-timers
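To go with step 7, here is an added example (not from the certbot documentation quoted above) of checking how much validity a deployed certificate has left against the 30-day window in which `certbot renew` actually replaces it, and of locating the renewal job in the places listed above. It assumes GNU date (as on Ubuntu), openssl on the PATH and the snap install from step 4; the certificate path in check_live_cert is a placeholder.

```shell
#!/bin/sh
# Added example, not from the certbot docs: renewal health check.

# Days from a reference date (YYYY-MM-DD, default today) to an openssl
# notAfter string such as "Oct 18 12:00:00 2023 GMT". Needs GNU date.
days_until_expiry() {
    not_after="$1"; ref="${2:-$(date -u +%F)}"
    end=$(date -u -d "$not_after" +%s) || return 2
    now=$(date -u -d "$ref" +%s) || return 2
    echo $(( (end - now) / 86400 ))
}

# certbot's scheduled renew only acts inside the last 30 days of validity;
# outside that window a run that reports "not yet due" is expected, not a failure.
renewal_due() {
    [ "$1" -le 30 ]
}

# Live check of a deployed certificate (placeholder path; not exercised offline).
check_live_cert() {
    pem="${1:-/etc/letsencrypt/live/www.example.com/fullchain.pem}"
    not_after=$(openssl x509 -noout -enddate -in "$pem" | cut -d= -f2)
    left=$(days_until_expiry "$not_after")
    echo "$pem expires in $left days"
    if renewal_due "$left"; then
        echo "renewal window is open: confirm the timer below has run recently"
    fi
}

# Where the scheduled renewal lives: the snap's own timer, or a cron entry
# if certbot came from an OS package (step 3 says to remove those).
show_renewal_job() {
    systemctl list-timers 'snap.certbot.*' --no-pager 2>/dev/null
    grep -rl certbot /etc/crontab /etc/cron.* 2>/dev/null
}

# Usage: check_live_cert /etc/letsencrypt/live/<your domain>/fullchain.pem; show_renewal_job
```

Reading the timer and the remaining days together is the useful check: a certificate with fewer than 30 days left and a timer that last ran successfully means the renewal itself failed, which is when `certbot renew --dry-run` and the log in /var/log/letsencrypt earn their keep.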

8. Confirm that Certbot worked

To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar.