Introduction
Let’s Encrypt is a free, automated, and open certificate authority managed by the Internet Security Research Group. Let’s Encrypt provide two types of certificates The standard single domain SSL and wildcard SSL, These certificates are domain-validated.
This article will explain how to secure Nginx with Let's Encrypt on CentOS 7.
Prerequisites
- A root or non-root user with
sudoprivileges. - A domain name that directs people to the public server's IP address.
Install Certbot
Certbot can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates.
-
Enable access to the EPEL repository.
# sudo yum install epel-release -y -
Install
certbot-nginxLet’s Encrypt the client package.# sudo yum install certbot-nginx -y
Setting up Nginx
-
If Nginx is not installed yet on your system let's install it first.
# sudo yum install nginx -y -
Start Nginx service using
systemctl# sudo systemctl start nginx -
Update the server name in the
nginx.conffile.
Find the existing# sudo vi /etc/nginx/nginx.confserver_nameinside the server block and replace it with your domain name Ex:example.com.Save and close the file after adding the server name.
-
Reload nginx to load the new configuration.
# sudo systemctl reload nginx - Enable HTTP and HTTPS connections via iptables using the command given below.
# sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Requesting a TLS/SSL Certificate Using Certbot
- Request a certificate and automatically configure it on Nginx.
Replace your domain name with an# sudo certbot --nginx -d example.comexample.comin the above command. if you running Certbot for the first time you will be prompted to enter an email and pressYto agree to the terms of service. - Confirm whether your new certificate is accessible or not over HTTPS. To do this Try reloading your website using
https://your-domain.comand notice your browser’s security indicator.