让网站支持https协议

我的环境是：centos，nginx.


将要使用 Let's Encrypt免费SSL


--------------------------------------------------------


1.获取certbot客户端
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto


注:我在使用wget 下载时没有成功，开启vpn代理翻墙下载到本地再ftp上传到某目录下。离线版下载
2.停止nginx
pkill -9 nginx


3.生成证书

    ./certbot-auto certonly --standalone --email `你的邮箱地址` -d `你的域名地址`

执行完/etc/letsencrypt/live/有相关目录。 确保nginx进程关闭。

        
3.将证书用于nginx


server {
        listen 80;
        server_name     cui.le.shop;
        index           index.html index.htm index.php;
access_log     /data/wwwroot/cui.le.shop/log/cui.le.shop.access.log main;
error_log       /data/wwwroot/cui.le.shop/log/cui.le.shop.error.log error;
set $root_path '/data/wwwroot/cui.le.shop/wwwroot';
root $root_path;
try_files $uri $uri/ @rewrite;
location @rewrite {
rewrite ^/(.*)$ /index.php/$1;
}
location ~ \.php {
# try_files    $uri =404;


fastcgi_index  /index.php;
fastcgi_pass   127.0.0.1:9000;


include fastcgi_params;
fastcgi_split_path_info       ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO       $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path;
expires      30d;
}
location ~ /.ht {
deny all;
}
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/cui.le.shop/fullchain.pem; # 主要是这二句
ssl_certificate_key /etc/letsencrypt/live/cui.le.shop/privkey.pem;# 主要是这二句


}




4.启动nginx


启动nginx 发现nginx不识别ssl ,ssl_certificate指令，所以重新编译nginx.
服务器有安装包路径。
-- 查找相关路径
find /|grep nginx


--安装包路径
/usr/local/src/nginx-1.10.0


-- 编译  我这里设置路径是/usr/local/webserver/nginx，没有按照默认路径走。
./configure --prefix=/usr/local/webserver/nginx --sbin-path=/usr/local/webserver/nginx/sbin/nginx --with-http_ssl_module
--生成
make
--备份旧的
cp /usr/local/webserver/nginx/sbin/nginx /usr/local/webserver/nginx/sbin/nginx.bak


--复制成新的
cp objs/nginx /usr/local/webserver/nginx/sbin/nginx


--测试
/usr/local/webserver/nginx/sbin/nginx -t


（nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful）
--启动

/usr/local/webserver/nginx/sbin/nginx -c /usr/local/webserver/nginx/conf/nginx.conf