1. Install Nginx (omitted)
2. Install Git (omitted)
3. git clone https://github.com/letsencrypt/letsencrypt
4. Enter the letsencrypt directory
cd letsencrypt
5. Then run the following script, replacing the domain name with the one for your own site.
./letsencrypt-auto certonly --standalone --email admin@test.org -d test.org
When it completes, the following message is displayed:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test.org/privkey.pem
Your cert will expire on 2020-07-10. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew *all* of your
certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
6. Once you have the certificate, you can configure Nginx. Open the Nginx configuration file:
vi /etc/nginx/nginx.conf
7. Add the following configuration:
server {
    listen 80;
    server_name test.org;
    rewrite ^(.*)$ https://$host$1 permanent; # force redirect from HTTP to HTTPS
}
server {
    listen 443 ssl;
    server_name test.org;
    #root html;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/test.org/fullchain.pem; # replace domain name.pem with the file name of your certificate
    ssl_certificate_key /etc/letsencrypt/live/test.org/privkey.pem; # replace domain name.key with the file name of your certificate's key file
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080/;
    }
}
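The server blocks from step 7 with tighter TLS settings, as an added example that is not part of the original page: it drops TLS 1.0 and 1.1, replaces the broad cipher aliases with an explicit forward-secret AEAD list, and adds HSTS. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later (needed for TLSv1.3); the HSTS max-age is an illustrative value.

```nginx
# Added example: hardened variant of the test.org server blocks above.
server {
    listen 80;
    server_name test.org;
    # return skips the regex match; $request_uri carries path and query string
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name test.org;

    ssl_certificate     /etc/letsencrypt/live/test.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.org/privkey.pem;

    # Weak setting from step 7 (TLS 1.0 and 1.1 are deprecated by RFC 8996):
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Assumption: nginx 1.13.0+ with OpenSSL 1.1.1+, otherwise keep only TLSv1.2.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak setting from step 7: the AES and HIGH aliases also admit CBC-mode
    # and non-forward-secret RSA key-exchange suites.
    #   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # Explicit list: ECDHE key exchange with AEAD ciphers only (applies to TLS 1.2).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;   # share resumable sessions across workers

    # Tell browsers to use HTTPS only for this host; max-age is an illustrative
    # value (one year). Enable only once HTTPS is known to work for the site.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080/;
    }
}
```

Check the syntax with nginx -t before reloading Nginx with nginx -s reload.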