How to Install Let’s Encrypt on CentOS 7 with Nginx


In this tutorial, we will set up a Let’s Encrypt SSL certificate on a CentOS 7 server with Nginx as the web server. After completing the instructions described in this article, you should be able to access your site using HTTPS.

Using SSL (short for Secure Sockets Layer) is vital to keeping your site’s visitors safe as well as improving your webpage’s ranking on search engines. Without SSL, the data sent between your web server and your site’s visitors can be read by any third party that relays that data along the way. With SSL, this data is encrypted, and only you and your visitors can see the information, keeping both sides safer.

Let’s Encrypt lets you set up an SSL certificate on your server for free. Their goal was to make SSL a commodity and give everyone the ability to have a safe and secure website. Let’s Encrypt makes the process of installing/renewing certificates easy for most users. This is very useful for making your website secure without needing the technical knowledge that is usually expected. Google and other search engines further encourage securing your website by giving websites that use SSL a higher ranking than websites without SSL.

In this guide, we will use the Certbot tool from EFF (https://certbot.eff.org).

Prerequisites

You will need a server or VPS running CentOS 7, and a user that has sudo privileges, or access to the root user itself. The commands in this tutorial are assumed to be run as the root user. As a requirement, we also need to install the Extra Packages for Enterprise Linux (EPEL) package. Let’s install the EPEL package:

$ yum install epel-release

Then update the packages in the system to add the new package lists to the package manager:

$ yum update

1. Install and Start Nginx

If you haven’t done so already, install Nginx and start it:

$ yum install nginx

$ service nginx start

You can also set up Nginx to start automatically after the server boots up by running this command:

$ systemctl enable nginx

Now that our Nginx server is running, we can install Certbot.

2. Install Certbot

Now, we will install certbot by running this command:

$ yum install certbot-nginx

The next command will install a Let’s Encrypt SSL certificate using the Nginx plugin. This will automatically modify your Nginx configuration by adding the relevant lines containing the paths to the certificate and private key created by Certbot, before finally reloading Nginx.

$ certbot --nginx

Simply follow the guide that Certbot provides, enter your email, and your server should now have SSL set up!

3. Automating Renewal

A Let’s Encrypt-issued SSL certificate is valid for 90 days. However, we can automate the process of renewing the certificate by adding a cronjob that periodically checks the expiry status of the certificate and renews the certificate if needed.

In the command line, open your crontab file:

$ crontab -e

This will open a text editor where you can add the following:

0 2 * * * /usr/bin/certbot renew --quiet

This line says to run the certbot command at 2:00 am, every day. The --quiet option tells certbot not to produce any output. Save and exit from the editor.
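Because the cron job runs with --quiet, a renewal that keeps failing is easy to miss until the certificate expires. The script below is an added example, not part of the original tutorial: it reports whether a certificate is still outside the renewal window. The 30-day default window, the function names and the self-signed sample certificates are assumptions made for the example.

```bash
#!/bin/bash
# Added example (not from the original tutorial): check whether a certificate
# is inside the renewal window, i.e. the nightly renew job has not done its work.

# Status of the PEM certificate at $1 against a window of $2 days
# (default 30, an assumed threshold): prints OK, RENEW, INVALID or MISSING.
cert_status() {
    local cert="$1" window="${2:-30}"
    if [ ! -r "$cert" ]; then
        echo MISSING; return 2
    fi
    # Reject files that do not parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo INVALID; return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((window * 86400))" >/dev/null 2>&1; then
        echo OK; return 0
    fi
    echo RENEW; return 1
}

# Constructed sample input: a throwaway self-signed certificate valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" -keyout "$1.key" -out "$1" 2>/dev/null
}

demo() {
    local dir
    dir="$(mktemp -d)"
    make_sample_cert "$dir/fresh.pem" 90   # freshly issued, 90 days of validity
    make_sample_cert "$dir/stale.pem" 10   # renewal has been failing for weeks
    echo "fresh:  $(cert_status "$dir/fresh.pem")"
    echo "stale:  $(cert_status "$dir/stale.pem")"
    echo "absent: $(cert_status "$dir/none.pem")"
    rm -rf "$dir"
}

# With an argument, check that file (for example from cron); without, run the demo.
if [ $# -gt 0 ]; then
    cert_status "$1"
else
    demo
fi
```

On a real server, pass the certificate Certbot manages, normally /etc/letsencrypt/live/example.com/fullchain.pem with example.com replaced by your own domain. The non-zero exit status on RENEW, INVALID or MISSING lets a monitoring job or a second cron entry raise an alert.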

Firewall settings (optional)

CentOS 7 comes with the default firewall program called firewalld. You may choose to completely disable this to guarantee that no connections will be stopped from/to your server, though that also leaves every other listening service on the server reachable from the network. If you wish to keep using it on your system, you need to configure firewalld to allow HTTPS access to your server.

The following command configures firewalld to allow both HTTP and HTTPS connections.

$ firewall-cmd --permanent --add-service=http --add-service=https

Reload the firewall in order for the changes to take effect:

$ firewall-cmd --reload

That’s all there is to it – you now have your firewall running while still allowing for HTTP and HTTPS requests to come through.

Congratulations! You have successfully set up Let’s Encrypt SSL using Certbot with Nginx support.



2 thoughts on “How to Install Let’s Encrypt on CentOS 7 with Nginx”

  1. I needed to add the following lines before the schedule line to get certbot running successfully under cron:

    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

    Not sure if both needed but better to be sure.
