Using Let’s Encrypt with Nginx on CentOS 7
I had a website that I was working on an needed to install a quick SSL certificate. I highly recommend using Let’s Encrypt, a free SSL certificate authority that has automated scripts on Linux to easily issue and install a certificate. It’s very straight forward.
For these setups, I’m going to assume you already got your CentOS 7 server running, Nginx installed, and configured and you’re website is working.
First thing we’re going to do is install certbot nginx plugin with all it’s dependencies.
yum -y install certbot-nginx
Next we’ll issue a certificate and have it installed.
certbot --nginx -d example.com -d www.example.com
This will ask you a couple of questions, first your email address, then if you want to setup a redirect from http to https.
You’ll have something like the following added into your configuration:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
Last thing to do is automate the renewals with a cronjob. Add this to your root crontab.
22 0 * * * certbot renew --quiet
This will use the Certbot client to check your Let’s Encrypt certificates daily at 10PM, but really can be anytime you want. If the certificates are under 30 days certbot will attempt to renew the certificate for your domain.
Hope this helps you out as a quick setup for certificates.