How to Secure Nginx with Let’s Encrypt SSL on RHEL / CentOS 7
In this tutorial, we are going to set up Let’s Encrypt SSL (free SSL) on a CentOS / RHEL 7 server running the Nginx web server. Let’s get started:
Table of Contents
- Install Certbot Client
- Config Firewall
- Generate SSL Certificate
- Setup Auto-renewal
- Check Certificate Status
- Delete Certbot Certificate
Install Certbot Client
To install the Certbot client, we first have to add the EPEL repository to our server:
sudo yum install epel-release
Now run this command to install Certbot with necessary packages:
sudo yum install httpd mod_ssl python-certbot-nginx
Confirm the installation by typing this command:
certbot --version
Config Firewall
If a firewall is running on your server, you have to open the HTTPS port (443). If your system is running firewalld, run these commands:
# open 443 port
sudo firewall-cmd --zone=public --permanent --add-service=https
# reload firewall
sudo firewall-cmd --reload
If your system is running iptables, run this command:
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Generate SSL Certificate
We now have the necessary modules to generate a Let’s Encrypt SSL certificate. To generate a certificate for a single domain, run this command:
certbot --nginx -d example.com
To generate a certificate for multiple domains or subdomains, run this command:
certbot --nginx -d example.com -d www.example.com
Here, example.com is the base domain.
You can also generate an SSL certificate by choosing a domain name. To do this, run this command to show all hosted domains:
certbot --nginx
Choose the option you need from the list. After successful installation, you will see a message similar to this:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-10-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Setup Auto-renewal
We know that Let’s Encrypt certificates are valid for 90 days. But we can renew the certificates very easily. Just run this command before the expiration date:
certbot renew
We can also set up a cron job to renew automatically. Open the crontab:
crontab -e
Then add this line (it runs every Monday at 00:00 and appends both normal output and errors to the log file):
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log 2>&1
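An added example, not part of the original article: `certbot renew` only replaces certificates that have fewer than 30 days left, so with a working weekly job a certificate should not fall much below 23 days, and anything under 21 days suggests renewal is failing. The function below reads the listing printed by `certbot certificates` (a command the article does not use) and reports such certificates; the name `expiring_certs`, the 21-day threshold and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag certificates that a healthy renewal job would
# already have replaced.
# Input : output of `certbot certificates` on stdin
# Output: "<certificate-name> <days-left>" for each flagged certificate
# Status: 1 if at least one certificate is flagged, otherwise 0
expiring_certs() {
    awk -v limit="${1:-21}" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            days = 0    # INVALID (expired, revoked, test) or "N hour(s)" count as 0
            if ($0 !~ /INVALID/ && match($0, /VALID: [0-9]+ day/)) {
                # skip the 7 characters of "VALID: ", keep "89 day"
                days = substr($0, RSTART + 7, RLENGTH - 7) + 0
            }
            if (days < limit) { print name, days; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the shape of `certbot certificates` output
# (path lines omitted; shop.example.com and old.example.com are made up).
SAMPLE='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2019-10-24 09:12:41+00:00 (VALID: 89 days)
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2019-08-02 07:30:05+00:00 (VALID: 6 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2019-07-01 07:30:05+00:00 (INVALID: EXPIRED)'

# Demo on the sample. On a real server, feed it the live listing instead:
#   certbot certificates 2>/dev/null | expiring_certs 21
printf '%s\n' "$SAMPLE" | expiring_certs 21 || echo "renewal needs attention"
```

Run it from cron a day after the renewal job and alert on a non-zero exit status, then look in /var/log/sslrenew.log for the reason.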
Check Certificate Status
We have successfully installed Let’s Encrypt SSL. Now let’s check the status of the SSL certificate by visiting this URL:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
Delete Certbot Certificate
To delete a certificate, run one of these commands:
# to select domain name
certbot delete
# directly assign domain name
certbot delete --cert-name example.com
The article is over. Thanks for reading.