https://certbot.eff.org/                    到网站上选择你的SSL使用
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

certbot-auto certonly --webroot -w /www/web/example.com/public_html -d example.com -d www.example.com

cd /etc/letsencrypt/live/example.com
fullchain.pem ->example.com.crt       改成你的域名证书名称
privkey.pem   ->example.com.key     改成你的域名证书名称
-----------------------------------------------------------------------------------
server {
    listen 80;
    server_name example.com www.example.com;  这里修改为网站域名
    rewrite ^(.*)$ https://$host$1 permanent;
index  index.html index.php index.htm;
}

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com.crt;      默认证书所在的路径
    ssl_certificate_key /etc/letsencrypt/live/example.com.key;  默认证书所在的路径
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
server_name example.com www.example.com;
index  index.html index.php index.htm;
}
-----------------------------------------------------------------------------------
crontab -e  
0 3 1 * * /root/certbot-auto renew –renew-hook “/etc/init.d/nginx -s reload”
service crond restart
service crond on
-----------------------------------------------------------------------------------