nginx如何防止ssl证书过期

>yum install epel-release

>wget https://dl.eff.org/certbot-auto --no-check-certificate

>chmod +x certbot-auto >./certbot-auto -n

>./certbot-auto certonly --email my@163.com --agree-tos --no-eff-email --webroot -w /usr/local/nginx/html/xue/ -d www.xue37.cn

>./certbot-auto certonly --email my@163.com --agree-tos --no-eff-email --webroot -w /usr/local/nginx/html/xue/ -d www.xue37.cn -d xue37.cn

>0 3 * * * /root/certbot-auto renew --disable-hook-validation --renew-hook "/usr/local/nginx/sbin/nginx -s reload"

/root/certbot-auto renew --disable-hook-validation --renew-hook "/usr/local/nginx/sbin/nginx -s reload"

server { listen 443 ssl; server_name www.xue37.cn; ##这里是你的域名 ssl_certificate /etc/letsencrypt/live/www.xue37.cn/fullchain.pem; #前面生成的证书，改一下里面的域名就行 ssl_certificate_key /etc/letsencrypt/live/www.xue37.cn/privkey.pem; #前面生成的密钥，改一下里面的域名就行 ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log /data/application/logs/xue.access.log main; location ^~ /bot { proxy_pass http://xue-server; include proxy-params.conf; } location / { root html/xue; index index.html index.htm; } location = /50x.html { root html; } }

server { listen 80; server_name localhost; location /.well-known/ { add_header Content-Type 'text/plain;'; root /usr/local/nginx/html/xue; } location / { return 301 https://www.xue37.cn$request_uri; } }

location ~ /\. { deny all; }

location ~ /.well-known { allow all; }