[root@aliyun-www ~]# yum install certbot -y

[root@aliyun-www ~]# certbot --versioncertbot 2.11.0

[root@aliyun-www ~]# certbot certonly --nginx -d static.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

[root@aliyun-www ~]# yum install python3-certbot-nginx

[root@aliyun-www ~]# certbot certonly --nginx -d static.example.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): youname@example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for static.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/static.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/static.example.com/privkey.pem
This certificate expires on 2025-06-18.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[root@aliyun-www ~]# certbot renew --dry-run

server {
   listen   443 ssl;
   server_name  example.cn;
   root /home/www/example.com;
   index  index.html index.htm index.php;
    ssl_certificate /etc/letsencrypt/live/example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ...
}

server {
    listen 80;
    server_name example.com;
    location / {
        rewrite ^(.*)$  https://$host$1 permanent;
    }
}

systemctl restart nginx