Crbot無料証明書を使ってhttpからhttpsに簡単にアップグレードします。

1、cerbotをインストールする:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

要求:

Python 2.7

Git環境

外部ネットワークに接続する

2、運転：

//            
./certbot-auto certonly --standalone --email [email protected] -d example.com -d www.example.com -d other.example.net

成功ヒント:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
   expire on 2016-09-04. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

3、Ngixの配置：
Serverはもう80ポートを傍受しません。TLSは443ポートを使って証明書とkeyを導入します。

server
{
    listen 443 ssl;   /
    server_name xxx.com;     //       
    index index.html index.htm index.php default.html default.htm default.php;
    root /opt/wwwroot/        //    
    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem;    //       ，          ，       
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem;   //       ，          ，        
    ........
}

再起動します

sudo service nginx restart

OKです