Let’s Encrypt is a free, automated, and open certificate authority managed by the Internet Security Research Group. Let’s Encrypt provides two types of certificates: the standard single-domain SSL certificate and the wildcard SSL certificate. These certificates are domain-validated.
This article will explain how to secure Nginx with Let's Encrypt on CentOS 7.
- A root or non-root user with
- A domain name that directs people to the public server's IP address.
Certbot can automate the tasks for obtaining and renewing Let’s Encrypt SSL certificates.
Enable access to the EPEL repository.
# sudo yum install epel-release -y
Install certbot-nginx, the Let’s Encrypt client package.
# sudo yum install certbot-nginx -y
Setting up Nginx
If Nginx is not yet installed on your system, install it first.
# sudo yum install nginx -y
Start Nginx service using
# sudo systemctl start nginx
Update the server name in the
# sudo vi /etc/nginx/nginx.conf
Find the existing server_name inside the server block and replace it with your domain name. Ex:
Save and close the file after adding the server name.
Reload nginx to load the new configuration.
# sudo systemctl reload nginx
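certbot --nginx selects the server block to configure by its server_name, so it is worth confirming the edit took effect before requesting the certificate. The script below is an added example, not part of the original article; the function names and the sample config are constructed for illustration, and on a real host you would point it at /etc/nginx/nginx.conf.

```shell
#!/bin/sh
# Added example (not from the article): check that an Nginx config names the
# domain you are about to pass to `certbot --nginx -d`.

# Print each server_name value, one per line. Comments are stripped and statements
# split on ';', '{', '}', so multi-name and multi-line directives both work.
list_server_names() {
    sed 's/#.*//' "$1" | tr '\n;{}' ' \n\n\n' |
        awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }'
}

# Exit 0 if domain $2 is covered by a server_name in file $1: exact names plus
# Nginx's "*.example.com" and ".example.com" forms; regex ("~") names never match.
domain_is_configured() {
    list_server_names "$1" | awk -v d="$2" '
        function covers(name, dom,    suf) {
            if (name == dom) return 1
            if (substr(name, 1, 2) == "*.") suf = substr(name, 2)
            else if (substr(name, 1, 1) == ".") {
                if (substr(name, 2) == dom) return 1
                suf = name
            } else return 0
            return length(dom) > length(suf) &&
                   substr(dom, length(dom) - length(suf) + 1) == suf
        }
        covers(tolower($0), tolower(d)) { found = 1 }
        END { exit !found }'
}

# Constructed sample config: the stock placeholder block plus one real site.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 80 default_server;
    server_name _;   # placeholder left by the package
}
server {
    listen 80;
    server_name example.com
                *.example.com;
}
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
for d in example.com www.example.com example.org; do
    domain_is_configured "$conf" "$d" && echo "ok:      $d" || echo "missing: $d"
done
rm -f "$conf"
```

A "missing" result means the server_name edit was not saved or was made in a different file than the one checked.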
- Enable HTTP and HTTPS connections via iptables using the command given below.
# sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Requesting a TLS/SSL Certificate Using Certbot
- Request a certificate and automatically configure it on Nginx.
# sudo certbot --nginx -d example.com
Replace example.com in the above command with your domain name. If you are running Certbot for the first time, you will be prompted to enter an email and press Y to agree to the terms of service.
- Confirm whether your new certificate is accessible over HTTPS. To do this, try reloading your website using https://your-domain.com and check your browser’s security indicator.