Home > Article > Operation and Maintenance > How Nginx uses Let's Encrypt to encrypt https
How Nginx uses Let's Encrypt to encrypt https
- WBOYforward
- 2023-05-12 17:37:131434browse
HTTPS is now the standard for websites. Many services must use https. If you don’t use it, the browser may not be very friendly to you.
If you don't want to use a commercial CA key, you can use Let's Encrypt for encryption.
The only disadvantage of using Let's Encrypt is that it needs to be updated every 3 months. Of course, you can also use automatic updates to handle it.
We need to install the plug-in to achieve:
Obtain the pem key required for SSL encryption.
Set certbot to automatically update the secret key.
Required prerequisites
Nginx has been installed and the virtual host has been configured
Installedpython3-certbot-nginxPlug-in
We will not go into details about the configuration method of Nginx virtual host. You can search and configure it yourself.
Install the python3-certbot-nginx plug-in
The installation command is very simple:
Just execute the following command: sudo dnf install python3-certbot-nginx It should be noted that our command comes with nginx plug-in.
There is also an official one without plug-ins. It is not recommended to install that one because it is very difficult to match.
Get the pem key
Run the following commandsudo certbot certonly --nginx, you need to add nginx parameters later.
We can see from the loneliness below that this tool will detect several virtual hosts on your local server.
Then you need to choose the one you need to install.
After successful installation, the pem key we need will be generated.
Configure your virtual host
Find your virtual host file, and then configure the generated key.
For example, our virtual host configuration:
#We first configured the redirection of port 80 above, and then added the two generated key files to Just configure it at the specified location.
Then restart the Nginx server, and then check the HTTPS status of your website.
Check the HTTPS status of the website
You can use some third-party websites to check, or you can directly use the browser to check.
Mainly check whether the website has normal redirects and the expiration time of the SSL certificate.
The certificate above seems to be issued for a wide domain name.
The above is the detailed content of How Nginx uses Let's Encrypt to encrypt https. For more information, please follow other related articles on the PHP Chinese website!