In this guide, we will explain how to secure Nginx with Let's Encrypt on CentOS 7.
Deploying your cloud server
If you have not already registered with Cloudwafer, you should begin by getting signed up. Take a moment to create an account after which you can easily deploy your own cloud servers.
- This tutorial uses a registered domain name for which the certificate will be issued. If you do not already have a registered domain name, you can register one with Cloudwafer.
- Let's Encrypt validates that you own the domain it is issuing a certificate for. Hence, a DNS A record that points your domain to the public IP address of your server is required. This guide will be using labs.cloudwaferlabs.com.ng and www.labs.cloudwaferlabs.com.ng as the domain names, hence both DNS records are required.
Step 1: Install Nginx
If you don't have the Nginx web server installed, issue the commands below to install it on your CentOS 7 Server. First, enable access to the EPEL repository which provides additional packages for CentOS on your server by typing:
sudo yum install epel-release -y
Next, issue the command below to install Nginx:
sudo yum install nginx
Upon completion, start and enable Nginx by issuing the command below:
sudo systemctl start nginx
sudo systemctl enable nginx
You can check the status of Nginx by issuing the command below:
sudo systemctl status nginx
Step 2: Install the Certbot Let's Encrypt Client
Next, we are going to install certbot-nginx, which is the Let's Encrypt client software required for Nginx on our CentOS 7 server.
Once the repository has been enabled, you can obtain the certbot-nginx package by typing:
sudo yum install certbot-nginx -y
Step 3: Obtaining a Certificate
The command below obtains a certificate by running the certbot package with the --nginx plugin, using -d to specify the domain names that we want the certificate to be valid for.
To obtain a certificate, issue the command below, replacing labs.cloudwaferlabs.com.ng with the name of your domain:
sudo certbot --nginx -d labs.cloudwaferlabs.com.ng -d www.labs.cloudwaferlabs.com.ng
For first-time users of the certbot package, you will be prompted to enter an email address and agree to the terms and conditions.
certbot will then ask how you want to configure the HTTPS settings for your domain.
Step 4: Setting Up Auto Renewal
Let's Encrypt certificates are only valid for ninety days, hence we are going to set up a command that checks for expiring certificates and renews them automatically using cron. Our cron job will run at 4:30 AM every day, check all certificates installed on the system and renew any that are set to expire in less than thirty days.
Open the crontab for editing:
sudo crontab -e
Then add the following line:
30 4 * * * /usr/bin/certbot renew --quiet
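Because the renewal job runs unattended, a failing renewal is easy to miss until the certificate expires. The script below is an added example, not part of the original guide: it uses openssl to report any certificate that is still inside the renewal window. The function names, the 28-day default and the sample certificates are assumptions made for illustration, and /etc/letsencrypt/live is certbot's default certificate directory.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# cert_needs_renewal FILE [DAYS]
# Exit 0 if FILE expires within DAYS days (default 30), 1 if it stays valid
# beyond that, 2 if FILE is not a readable X.509 certificate.
cert_needs_renewal() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the certificate is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# audit_live_dir [LIVE_DIR] [DAYS]
# Prints one line per LIVE_DIR/<name>/cert.pem and returns how many are inside
# the window or unreadable. DAYS defaults to 28: two days of slack under the
# 30-day renewal threshold, so a certificate that is only waiting for the next
# 4:30 AM run is not reported (the slack is an assumption of this example).
audit_live_dir() {
    bad=0
    for f in "${1:-/etc/letsencrypt/live}"/*/cert.pem; do   # certbot default path
        [ -e "$f" ] || continue
        if cert_needs_renewal "$f" "${2:-28}"; then rc=0; else rc=$?; fi
        case $rc in
            1) echo "OK     $f" ;;
            0) echo "RENEW  $f"; bad=$((bad + 1)) ;;
            *) echo "ERROR  $f"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample input: a throwaway self-signed certificate valid $2 days.
make_sample_cert() {
    mkdir -p "$1" && openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=sample.invalid" -keyout "$1/privkey.pem" -out "$1/cert.pem" \
        >/dev/null 2>&1
}

# Offline demo on constructed data: one fresh and one nearly expired certificate.
demo() {
    tmp=$(mktemp -d) || return 99
    make_sample_cert "$tmp/fresh.sample.invalid" 90
    make_sample_cert "$tmp/stale.sample.invalid" 10
    if audit_live_dir "$tmp" 28; then n=0; else n=$?; fi
    rm -rf "$tmp"
    return "$n"
}

case "${1:-}" in demo) demo ;; audit) audit_live_dir ;; esac
```

Run it with the argument demo for the offline check, or with audit as root on the server, since the certificate directory is normally readable only by root. A non-zero exit status means at least one certificate should already have been renewed by the cron job.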