这里利用snap安装certbot进行配置,如果之前使用系统自带的包管理系
安装snap,在Debian系统下执行
sudo apt update
sudo apt install snapd其他操作系统可以查看snap官网https://snapcraft.io/docs/tutorials/install-the-daemon/index.html
安装Certbot
sudo snap install --classic certbot配置一个软连接,可以直接使用certbot命令来运行
sudo ln -s /snap/bin/certbot /usr/local/bin/certbot最后直接certbot 命令来自动配置
sudo certbot --nginxcertbot会自动配置ssl和nginx配置,不需要进行手动配置,如果需要特殊需求或者想要手动配置nginx
在配置的过程会有一些交互,首先会先询问你都email,可以直接回车跳过,第二个会询问你是否同意链接中pdf的协议,直接输入y同意,第三个会询问你想为你的哪个域名配置ssl证书,为单个域名配置直接输入域名前的数字即可,直接回车可以全部配置,这个域名的检查是根据nginx配置的域名,如果在询问时没有看到自己想要配置的域名,可以先检查一下nginx配置
admin@iZj6cbq9j1gsoofxd3hpcaZ:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
(Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: byops.me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for byops.me
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/byops.me/fullchain.pem
Key is saved at: /etc/letsencrypt/live/byops.me/privkey.pem
This certificate expires on 2026-06-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for byops.me to /etc/nginx/conf.d/halo.conf
Congratulations! You have successfully enabled HTTPS on https://byops.me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
自动配置nginx已经完成了,可以在浏览器检查一下是否能使用https,如果不能使用的话,可以检查一下浏览器缓存服务器的443端口有没有开启
上面过程会自动配置证书过期前续,可以检查一下
sudo certbot renew --dry-run
#Congratulations, all simulated renewals succeeded:
# /etc/letsencrypt/live/byops.me/fullchain.pem (success)
在Debian12下,不会使用crontab,所以使用crontab -l看不到任务,需要使用systemctl list-timers 查看