安装Let’s Encrypt客户端

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

获得Let’s Encrypt证书

停止Nginx服务

sudo service nginx stop

获取证书

./letsencrypt-auto certonly --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview

提示:上面的指令会打开一个蓝屏白框的对话框,依照:选第2个(place files in webroot directory automatically use a temporary webserver(standalone)),输入Email地址,同意协议,输入域名(多个域名用空格隔开)

然后会出现类似下面的信息,表示成功。

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/i.shanbin.name/fullchain.pem. Your cert will
expire on 2017-03-02. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

配置Nginx

ssl_certificate  /etc/letsencrypt/live/你的域名.com/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/你的域名.com/privkey.pem;

 证书续签

sudo service nginx stop  
sudo ~/.local/share/letsencrypt/bin/letsencrypt renew  
sudo service nginx restart