下载脚本

1
2
3
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh

修改letsencrypt.conf

1
2
3
# 修改 DOMAIN_KEY
# 修改 DOMAIN_DIR
# 修改 DOMAINS

修改nginx配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
   server{
      listen 80;
      server_name blog.ziki.cn;
      #rewrite ^(.*)$ https://${server_name}$1 permanent;
      location / {
         index index.html index.php;
         root /data/www/blog.ziki.cn/html;
         #dd_header Content-Type text/html;
         #return 200 $request_uri;
         if ($request_uri ~* .*.well-known.*){
            break;
         }
         if ($request_uri !~* .*.well-known.*){
            rewrite ^(.*)$ https://${server_name}$1 permanent;
         }
      }
   }

申请证书

1
2
./letsencrypt.sh letsencrypt.conf
systemctl restart nginx

证书检测

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
# openssl x509 -in blog.crt -noout -dates
# openssl x509 -in blog.crt -noout -enddate
# echo | openssl s_client -connect "www.google.ca:443" 2>/dev/null | > openssl x509 -noout -dates | grep notAfter | awk 'BEGIN { FS="=" } { print $2 }'
# openssl x509 -in blog.crt -noout -enddate |cut -d "=" -f2 | xargs -i date --date "{}" "+%Y-%m-%d"
###
t1=`openssl x509 -in blog.crt -noout -enddate |cut -d "=" -f2 | xargs -i date --date "{}" "+%s"`
t2=`date --date  "+1 days" "+%s"`

if [ $t1 -gt $t2 ]; then
    echo "t1 > t2"
elif [ $t1 -eq $t2 ]; then
    echo "t1 = t2"
else
    echo "t1 < t2"
fi