Introduction

Let’s Encrypt is a free, automated, and open certificate authority managed by the Internet Security Research Group. Let’s Encrypt provide two types of certificates The standard single domain SSL and wildcard SSL, These certificates are domain-validated.

This article will explain how to secure Nginx with Let's Encrypt on CentOS 7.

Prerequisites

A root or non-root user with sudo privileges.
A domain name that directs people to the public server's IP address.

Install Certbot

Certbot can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates.

Enable access to the EPEL repository.
```
# sudo yum install epel-release -y
```
Install certbot-nginx Let’s Encrypt the client package.
```
# sudo yum install certbot-nginx -y
```

Setting up Nginx

If Nginx is not installed yet on your system let's install it first.
```
# sudo yum install nginx -y
```
Start Nginx service usingsystemctl
```
# sudo systemctl start nginx
```
Update the server name in the nginx.conf file.
```
# sudo vi /etc/nginx/nginx.conf
```
Find the existingserver_name inside the server block and replace it with your domain name Ex:example.com.
Save and close the file after adding the server name.
Reload nginx to load the new configuration.
```
# sudo systemctl reload nginx
```

Enable HTTP and HTTPS connections via iptables using the command given below.

# sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Requesting a TLS/SSL Certificate Using Certbot

Request a certificate and automatically configure it on Nginx.
```
# sudo certbot --nginx -d example.com
```
Replace your domain name with an example.com in the above command. if you running Certbot for the first time you will be prompted to enter an email and press Y to agree to the terms of service.
Confirm whether your new certificate is accessible or not over HTTPS. To do this Try reloading your website usinghttps://your-domain.comand notice your browser’s security indicator.