关于http:让你的网站从http免费升级为https

一、问题

让网站（http://www.example.com）反对 https 协定，能失常拜访（https://www.example.com）这个链接。

二、解决方案

https 其实就是通过 ca 证书，对服务器和域名进行实名认证。这里应用公益组织 Let's Encrypt 提供的工具 certbot 收费生成 ca 证书。

1、服务器环境：

• Ubuntu：服务器操作系统；
• nginx：用于部署运行网站的服务器；
• www.example.com：通过备案且能失常解析到服务器；

2、装置 certbot

certbot 是 公益组织 Let's Encrypt 提供的 ca 证书 生成工具。

sudo apt-get update;
sudo apt-get install software-properties-common;
sudo add-apt-repository ppa:certbot/certbot;
sudo apt-get update;
Ubuntu14 用这个命令：sudo apt-get install python-certbot-nginx;
Ubuntu20 用这个命令：sudo apt-get install python3-certbot-nginx

3、生成 ca 证书

# 1、执行生成命令
sudo certbot --nginx

# 2、呈现如下信息
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.example.com

# 3、输出 1，回车

# 4、呈现如下信息
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

# 5、输出 2，回车

# 6、呈现上面语句，示意生成胜利
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.example.com/privkey.pem
   Your cert will expire on 2019-02-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

4、拜访 https

当初即可应用 https://www.example.com 来拜访网站了。

5、证书过期问题

ca 证书的应用期限是 90 天，能够通过上面命令主动续签更新，永不过期。

sudo certbot renew --dry-run

三、参考文档

• 让你的网站从 http 收费降级为 https！