安装Let's Encrypt电子证书

首先在Mac上执行这些命令来安装certbot。
brew install certbot
$ brew ls certbot
/usr/local/Cellar/certbot/0.9.3_1/bin/certbot
/usr/local/Cellar/certbot/0.9.3_1/bin/letsencrypt
/usr/local/Cellar/certbot/0.9.3_1/libexec/bin/ (18 files)
/usr/local/Cellar/certbot/0.9.3_1/libexec/lib/ (1946 files)
/usr/local/Cellar/certbot/0.9.3_1/libexec/ (2 files)
/usr/local/Cellar/certbot/0.9.3_1/share/certbot/ (7 files)

然后在Mac执行
$ certbot --config-dir ~/credentials/etc --work-dir ~/credentials/lib --logs-dir ~/credentials/log certonly --manual
输入email, domain,
按照指示在服务器上作出.well-known/acme-challenge/下的认证文件，并按回车，

看起来取得证书成功，并得到以下显示：

IMPORTANT NOTES:

• Congratulations! Your certificate and chain have been saved at
  /Users/laoyanhunhua/letsencrypt/etc/live/yinlei.org/fullchain.pem. Your
  cert will expire on 2017-04-08. To obtain a new or tweaked version
  of this certificate in the future, simply run certbot again. To
  non-interactively renew all of your certificates, run "certbot
  renew"
• If you lose your account credentials, you can recover through
  e-mails sent to laoyanhunhua@yinlei.org.
• Your account credentials have been saved in your Certbot
  configuration directory at /Users/laoyanhunhua/letsencrypt/etc. You
  should make a secure backup of this folder now. This configuration
  directory will also contain certificates and private keys obtained
  by Certbot so making regular backups of this folder is ideal.
• If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

可以看到本地etc/live/yinlei.org/下面生成4个文件：
cert.pem chain.pem fullchain.pem privkey.pem

然后按先后顺序把密匙文件privkey.pem，网站证书cert.pem和中间证书chain.pem这几个文件放到web服务器上就可以了。

Let's Encrypt的缺点是有效期只有3个月，实在太短了。。