How to Get a Free SSL Certificate and Install It on CentOS 7.0 with Nginx (Let’s Encrypt)

1. Prerequisites

A CentOS 7.0 server (with root access)

A domain name (e.g., yourdomain.com)

The domain’s A record correctly pointing to your server’s IP

2. Install Certbot (Let’s Encrypt Client)

Step 1: Enable the EPEL repository

    sudo yum install epel-release -y

Step 2: Install Certbot and the Nginx plugin

    sudo yum install certbot python2-certbot-nginx -y

3. Prepare Nginx for HTTP Challenge Validation

Let’s Encrypt validates domain ownership over HTTP by requesting a file under /.well-known/acme-challenge/ on port 80. Make sure that path is publicly accessible.

Sample HTTP Configuration (port 80):

    server {
        listen 80;
        server_name yourdomain.com;

        location ^~ /.well-known/acme-challenge/ {
            root /usr/share/nginx/html;
            allow all;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

Reload Nginx:

    sudo systemctl reload nginx

4. Request an SSL Certificate

Use Certbot in webroot mode:

    sudo certbot certonly --webroot -w /usr/share/nginx/html -d yourdomain.com

Certificate files will be saved in /etc/letsencrypt/live/yourdomain.com/

5. Configure HTTPS in Nginx

Edit your Nginx config to enable SSL:

    server {
        listen 443 ssl;
        server_name yourdomain.com;

        ssl_certificate     /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            root /usr/share/nginx/html;
            index index.html;
        }
    }

Restart Nginx:

    sudo systemctl restart nginx

6. Renew the SSL Certificate (Manual)

Let’s Encrypt certificates are valid for 90 days. To renew manually:

    sudo certbot renew

    sudo systemctl reload nginx
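
Because renewal here is manual, it helps to check how close the certificate is to expiry before running the two commands above. The script below is an added example, not part of the original article; the 30-day threshold, the script name check-cert.sh and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): decide whether the
# certificate issued in section 4 is due for the manual renewal in section 6.
# Assumption: the 30-day window is an illustrative threshold.
RENEW_BEFORE_DAYS="${RENEW_BEFORE_DAYS:-30}"

# Exit status: 0 = expires within $2 days (or already expired),
#              1 = still valid beyond that window,
#              2 = file missing or not a parseable X.509 certificate.
cert_expires_within() {
    [ -r "$1" ] || return 2
    # Parse first, so a corrupt file is reported as an error, not as "expiring".
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print "renew", "ok" or "error" for the certificate at $1.
renewal_action() {
    rc=0
    cert_expires_within "$1" "$RENEW_BEFORE_DAYS" || rc=$?
    case "$rc" in
        0) echo "renew" ;;
        1) echo "ok" ;;
        *) echo "error" ;;
    esac
}

# Constructed sample input: a throwaway self-signed certificate valid for $1
# days, written to $2, for trying the check without touching /etc/letsencrypt.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=yourdomain.com" -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# Usage: sh check-cert.sh /etc/letsencrypt/live/yourdomain.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    case "$(renewal_action "$1")" in
        renew) certbot renew && systemctl reload nginx ;;
        ok)    echo "valid for more than ${RENEW_BEFORE_DAYS} days; nothing to do" ;;
        *)     echo "cannot read certificate: $1" >&2; exit 2 ;;
    esac
fi
```

Run it as root against fullchain.pem, since the files under /etc/letsencrypt/live/ are readable only by root by default.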

7. Verify HTTPS Is Working

Check in your browser:

https://yourdomain.com

Or use cURL:

    curl -I https://yourdomain.com

Notes for Source-Installed Nginx

If you installed Nginx from source:

– Use --webroot mode

– Replace the root path accordingly

– Reload Nginx with:

    sudo /usr/local/nginx/sbin/nginx -s reload

Summary

1. Installed Certbot on CentOS 7.0

2. Applied for a free SSL certificate from Let’s Encrypt

3. Configured Nginx for HTTPS

4. Learned how to manually renew certificates

Your site is now more secure with HTTPS!
