Let's Encrypt Free Certificates

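As everyone knows, https links need an SSL certificate. There are many paid ones and they are fairly expensive, while the free certificate Tencent Cloud offers can only encrypt one site, for example baidu.com: only that one page is encrypted, the rest stay http links, so you cannot get HTTPS across the whole site.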

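Let's Encrypt is a free, open and automated certificate authority, run by the non-profit Internet Security Research Group (ISRG). Let's Encrypt supports the ACME protocol, which automates requesting, renewing and revoking SSL certificates.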

Using the Certbot client

The prerequisite is that your website is already deployed and reachable over http; at least that was the case for mine.

Official tutorial site: Certbot (eff.org)

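There are other clients as well; see the description on the official site for details.

Choose your web server (nginx, Apache, etc.) and your operating system (CentOS, Ubuntu, etc.).

The site then shows the steps to follow; they are foolproof, just go through them one by one.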

When it first runs, Certbot asks for some information, as shown below.

[root@iz2zeb4argxs74khdclp2dz sbin]# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected] // 1) Set the email address, used for security notices
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a // 2) Agree to the terms of service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n // 3) Do not share your email address

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: admin.talkilla.jiushiyaokuaile.cn
2: consultant.talkilla.jiushiyaokuaile.cn
3: student.talkilla.jiushiyaokuaile.cn
4: teacher.talkilla.jiushiyaokuaile.cn
5: wechat.talkilla.jiushiyaokuaile.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 2 3 4 5 // 4) Select the domain names to enable https for
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.talkilla.jiushiyaokuaile.cn
http-01 challenge for consultant.talkilla.jiushiyaokuaile.cn
http-01 challenge for student.talkilla.jiushiyaokuaile.cn
http-01 challenge for teacher.talkilla.jiushiyaokuaile.cn
http-01 challenge for wechat.talkilla.jiushiyaokuaile.cn
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /usr/local/nginx/conf/conf.d/admin-talkilla.conf
Deploying Certificate to VirtualHost /usr/local/nginx/conf/conf.d/consultant-talkilla.conf
Deploying Certificate to VirtualHost /usr/local/nginx/conf/conf.d/student-talkilla.conf
Deploying Certificate to VirtualHost /usr/local/nginx/conf/conf.d/teacher-talkilla.conf
Deploying Certificate to VirtualHost /usr/local/nginx/conf/conf.d/wechat-talkilla.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 // 5) Choose whether http is automatically redirected to https: 1 = no, 2 = yes
Redirecting all traffic on port 80 to ssl in /usr/local/nginx/conf/conf.d/admin-talkilla-http.conf
Redirecting all traffic on port 80 to ssl in /usr/local/nginx/conf/conf.d/consultant-talkilla.conf
Redirecting all traffic on port 80 to ssl in /usr/local/nginx/conf/conf.d/student-talkilla.conf
Redirecting all traffic on port 80 to ssl in /usr/local/nginx/conf/conf.d/teacher-talkilla.conf
Redirecting all traffic on port 80 to ssl in /usr/local/nginx/conf/conf.d/wechat-talkilla.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://admin.talkilla.jiushiyaokuaile.cn,
https://consultant.talkilla.jiushiyaokuaile.cn,
https://student.talkilla.jiushiyaokuaile.cn,
https://teacher.talkilla.jiushiyaokuaile.cn, and
https://wechat.talkilla.jiushiyaokuaile.cn

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=admin.talkilla.jiushiyaokuaile.cn
https://www.ssllabs.com/ssltest/analyze.html?d=consultant.talkilla.jiushiyaokuaile.cn
https://www.ssllabs.com/ssltest/analyze.html?d=student.talkilla.jiushiyaokuaile.cn
https://www.ssllabs.com/ssltest/analyze.html?d=teacher.talkilla.jiushiyaokuaile.cn
https://www.ssllabs.com/ssltest/analyze.html?d=wechat.talkilla.jiushiyaokuaile.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/admin.talkilla.jiushiyaokuaile.cn/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/admin.talkilla.jiushiyaokuaile.cn/privkey.pem
Your cert will expire on 2020-01-06. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Once it finishes, if the site can be reached normally over https, the deployment is complete.

The certificate issued here is only valid for three months. certbot renews it automatically; if a problem comes up later I will update.
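To confirm that automatic renewal is actually keeping the three-month certificates fresh, the following added example (not part of the original post or of Certbot) scans the lineages Certbot saved under /etc/letsencrypt/live and flags any that are close to expiry. The variable names LIVE_DIR and WARN_DAYS, the 30-day threshold and the function names are assumptions; it needs the openssl command and read access to the directory.

```shell
#!/usr/bin/env bash
# Added example: report Certbot-managed certificates that are close to expiry.
# LIVE_DIR and WARN_DAYS are assumed names and defaults; adjust for your host.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
WARN_DAYS="${WARN_DAYS:-30}"

# Succeeds (exit 0) when the leaf certificate in PEM file $1 expires within $2 days.
cert_expires_within() {
    local pem="$1" days="$2"
    # -checkend exits 0 if the cert is still valid N seconds from now, 1 otherwise.
    ! openssl x509 -in "$pem" -noout -checkend "$(( days * 86400 ))" >/dev/null
}

# Prints the notAfter date of the leaf certificate in PEM file $1.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Scans every lineage under directory $1 and prints one status line per certificate.
# Returns 1 if any certificate is inside the $2-day warning window or unreadable.
scan_live_dir() {
    local dir="$1" days="$2" status=0 pem name
    for pem in "$dir"/*/fullchain.pem; do
        [ -e "$pem" ] || continue            # the glob matched nothing
        name="$(basename "$(dirname "$pem")")"
        if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
            echo "ERROR $name: cannot parse $pem"; status=1
        elif cert_expires_within "$pem" "$days"; then
            echo "WARN  $name: expires $(cert_not_after "$pem")"; status=1
        else
            echo "OK    $name: expires $(cert_not_after "$pem")"
        fi
    done
    return "$status"
}

# Run the scan only on a host that actually has Certbot lineages.
if [ -d "$LIVE_DIR" ]; then
    scan_live_dir "$LIVE_DIR" "$WARN_DAYS" ||
        echo "Renewal needs attention; try: certbot renew --dry-run" >&2
fi
```

Run it as root from cron or a systemd timer; a WARN line on a host where renewal is supposed to be automatic means the renewal job is not succeeding.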

A follow-up bug

After switching to https I could not log in to the admin page; it said the user was not registered.

I don't know why, but fortunately I could still log in to the server and to the database.

After connecting to the database, switch to the database WordPress uses and update the wp_users table.

update wp_users set user_url='https://panei.cc' where id =1; 
update wp_users set user_pass='$1$rSziHLDY$399k.JuJsy.oHVp5lquJC.' where id =1;

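The first statement updates the url to https and the second resets the password; the stored value is the hash of 123456. At this point you can log in, then go to the admin panel to change the site's url from http to https and change the password. Done.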


尘世中一个迷途小书童