https://letsencrypt.org/

很火得一个免费证书获取渠道，接下来我们看下如何在linux上配置，让ssl证书自动续期

我们使用 https://certbot.eff.org/ 模式

比如我使用centos7,运行在Nginx上，如下选择

如果你是其他系统得，反正就是按照这个提示去选择，他会有教程告诉你接下来如何操作！

比如我上面选择的环境

SSH into the server

使用SSH连接到服务器

SSH into the server running your HTTP website as a user with sudo privileges.

以具有sudo权限的用户身份将SSH连接到运行HTTP网站的服务器,或者root账号也行

Install snapd

安装snapd

You'll need to install snapd and make sure you follow any instructions to enable classic snap support.

您需要安装snapd，并确保按照任何说明启用经典的snap支持。

Follow these instructions on snapcraft's site to install snapd.

按照snapcraft网站上的说明安装snapd。

如何检测当前服务器是否安装了snapd?直接输入命令

snap --version

看看提示啥，如果提示 snap command not found!那就是没有安装，需要参照一下教程安装

打开snap安装的官网

https://snapcraft.io/docs/installing-snapd

在中间位置表格处找到Centos,然后往下拉，可以看到如下提示

Ensure that your version of snapd is up to date

确保snapd的版本是最新的

Execute the following instructions on the command line on the machine to ensure that you have the latest version of snapd.

在计算机的命令行上执行以下指令，以确保您拥有最新版本的snapd。

sudo snap install core; sudo snap refresh core

Remove certbot-auto and any Certbot OS packages

删除certbot auto和任何certbot OS包

If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.

如果使用apt、dnf或yum等操作系统软件包管理器安装了任何Certbot软件包，则应在安装Certbot snap之前将其删除，以确保在运行命令Certbot时使用snap，而不是从操作系统软件管理器安装。执行此操作的确切命令取决于您的操作系统，但常见的示例有sudo apt-get remove certbot、sudo dnf remove certbot或sudo yum remove certbot。

Install Certbot

安装Certbot

Run this command on the command line on the machine to install Certbot

在计算机上的命令行上运行此命令以安装Certbot

sudo snap install --classic certbot

Prepare the Certbot command

准备Certbot命令

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

在计算机的命令行上执行以下指令，以确保可以运行certbot命令。

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Choose how you'd like to run Certbot

选择运行Certbot的方式

Either get and install your certificates...

获取并安装证书。。。

Run this command to get a certificate and have Certbot edit your nginx configuration automatically to serve it, turning on HTTPS access in a single step.

运行此命令以获取证书，并让Certbot自动编辑nginx配置以提供证书，只需一步即可打开HTTPS访问。

sudo certbot --nginx

Or, just get a certificate

或者，只要拿到证书

If you're feeling more conservative and would like to make the changes to your nginx configuration by hand, run this command.

如果您感觉更保守，并且希望手动更改nginx配置，请运行此命令。

sudo certbot certonly --nginx

Test automatic renewal

测试自动续订

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

系统上的Certbot软件包附带一个cron作业或systemd计时器，该计时器将在证书过期之前自动续订您的证书。除非更改配置，否则不需要再次运行Certbot。您可以通过运行以下命令测试证书的自动续订：

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

续订certbot的命令安装在以下位置之一：

• /etc/crontab/
• /etc/cron.*/*
• systemctl list-timers

Confirm that Certbot worked

确认Certbot工作正常

To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar.

要确认您的网站设置正确，请访问https://yourwebsite.com/在浏览器中，并在URL栏中查找锁定图标。

我们有计划在后续的PasteSpider版本中引入一键安装这个ssl证书！