Due to the problem of mobile blocking, many friends have suggested https access to me. Due to various reasons, I have never upgraded. I have only tested it. Of course, the most convenient one is Let's Encrypt free SSL certificate. There are many The one-click package has been added to the SSL deployment component selection. Personally, the most commonly used one is the LNMP one-click package. The latest version 1.4 also provides two SSL deployment method options: use your own SSL certificate or Let's Encrypt free certificate.
What is Let’s Encrypt?
Let’s Encrypt is a free, open, automated certificate authority operated by ISRG (Internet Security Research Group). The project was initiated by two Mozilla employees in 2012, announced to the public in November 2014, and launched into public beta on December 3, 2015. Let’s Encrypt is a very popular free SSL certificate issuance project, which automatically issues certificates. The certificate is valid for 90 days and can be automatically renewed through automatic tasks.
Before deploying the Let's Encrypt free SSL certificate, we need to do 2 basic tasks:
1. LNMP1.4 has been compiled and is running normally;
2. The domain name to be deployed has been Resolve to server IP.
Next, we start adding a new site to the VPS (adding a virtual host) and choose to deploy Let’s Encrypt free SSL during this process.
The above picture has marked part of the lnmp vhost add process. The bottom of the screen starts to ask whether to add an SSL certificate. We select y.
Then we choose 2 to create an SSL certificate using Let’s Encrypt.
Then enter your email address (just enter your own email address, no special requirements), press Enter and press any key to start configuring the virtual host.
The deployment process does not take long. Soon we will see that the configuration is completed. After that, we can test accessing the site added above through https. I also uploaded some web pages here for easy viewing.
If we need to force https access, we can modify the site configuration file (configuration file location: /usr/local/nginx/conf/vhost/domain name.conf) to pass all http requests through Just rewrite it to https.
Add: rewrite ^(.*)$ https://$host$1 permanent;
Save after completion and reload nginx. At this time we When you access the http address again, you will find that it automatically jumps to the https address.
During the process of using LNMP1.4 to add a virtual host and deploy Let's Encrypt free SSL certificate, the system will automatically join the automatic task. We can confirm whether the joining is successful. As shown in the figure below, you can see that the task is executed every 7 days. Don't worry about the 90-day deadline.
The above is to deploy the Let's Encrypt free SSL certificate during the process of directly adding the virtual host. If we do not choose to deploy when adding the virtual host site, we can also deploy it later through the command lnmp ssl add command. , the operation process is the same as our direct deployment.