安装Let’s Encrypt客户端

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

获得Let’s Encrypt证书

停止Nginx服务
sudo service nginx stop

获取证书
./letsencrypt-auto certonly --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview
提示:上面的指令会打开一个蓝屏白框的对话框,依照:选第2个(place files in webroot directory automatically use a temporary webserver(standalone)),输入Email地址,同意协议,输入域名(多个域名用空格隔开)

然后会出现类似下面的信息,表示成功。

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/i.shanbin.name/fullchain.pem. Your cert will
expire on 2017-03-02. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

配置Nginx
ssl_certificate /etc/letsencrypt/live/你的域名.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/你的域名.com/privkey.pem;

证书续签

sudo service nginx stop
sudo ~/.local/share/letsencrypt/bin/letsencrypt renew
sudo service nginx restart