How to configure Nginx with Let’s Encrypt on CentOS 7? Let’s Encrypt is a free, automated, and open certificate authority for your website or any other project. This page shows how to use Let’s Encrypt to install a free SSL certificate for the Nginx web server. Let’s Encrypt is open source and free. To follow this video you will need to be using CentOS and have Apache installed. You may also want to have virtual hosts configured on Apache.
Secure Apache with Let’s Encrypt SSL on CentOS 7
By using Let’s Encrypt you can get a free, valid SSL certificate. Let’s Encrypt is the Certificate Authority (CA) that provides the free SSL certificate. The Certbot client is used to obtain it: Certbot fetches the certificate and deploys it on your server. In this tutorial, you are going to learn how to secure Apache with Let’s Encrypt SSL on CentOS.
Before we begin
A Let’s Encrypt certificate can only be requested from the server the domain is pointing to. Let’s Encrypt checks whether the domain points to the current server and, if the check succeeds, issues the certificate.
Prerequisites
1. Before you start to secure Apache with Let’s Encrypt SSL on CentOS 7 using the Certbot client, you must have a non-root user account on your server with sudo privileges.
2. Make sure your domain is pointing to the current server.
1. Install Certbot Client
To install the Certbot client you need to add the EPEL repository. To do so, type:
Now install the Certbot client by executing the following command:
Confirm the installation by typing:
2. Setup Firewall
If you are not running a firewall, skip this step.
You need to make sure ports 80 and 443 are open in your firewall. To open the ports in firewalld, use the following commands.
If you are running iptables, you can run the following basic commands to enable traffic on port 80 and port 443.
3. Setting up Let’s Encrypt SSL on Apache
To set up SSL on Apache we need to install the Certbot plugin for Apache, which makes this process much easier.
Let’s Encrypt performs strong domain validation to verify ownership of the domain. After successful verification, it issues the certificate. In the command below, replace example with your domain name.
If this is the first time you are installing a certificate, Certbot will ask you to enter an email address and agree to the terms and conditions.
After the above step, Certbot will ask you to configure HTTPS settings.
Output
Select your choice and continue to the next step. We recommend choosing the Redirect option if you don’t want to change the configuration file manually.
NOTE: All generated files are stored inside the /etc/letsencrypt/live directory.
Secure SSL Settings for Apache
The SSL configuration shipped with the CentOS Apache package is outdated and has some security issues, so we need to change some settings to make it more secure.
Open the /etc/httpd/conf.d/ssl.conf SSL configuration file by using the following command.
Find the SSLProtocol and SSLCipherSuite lines inside the file and comment them out.
Now paste the following code after the VirtualHost block in the /etc/httpd/conf.d/ssl.conf file.
Restart the Apache service by running the following command.
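One way to script the ssl.conf edit described above, as an added example that is not from the original page: it comments out the active SSLProtocol and SSLCipherSuite lines and appends replacement settings once. The replacement directive values, the marker comment and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): comment out the active
# SSLProtocol / SSLCipherSuite lines in an Apache ssl.conf and append
# replacement settings after the VirtualHost block.

MARKER='# --- hardened TLS settings (added example) ---'
# Assumed replacement directives; the page's own settings are not reproduced.
HARDENED="$MARKER
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"

# harden_ssl_conf FILE: keeps FILE.bak, disables the old directives,
# appends the new ones exactly once.
harden_ssl_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Already processed: stop, so a re-run never disables our own lines.
    grep -qF -- "$MARKER" "$conf" && return 0
    cp -p "$conf" "$conf.bak" || return 1
    sed -E 's/^([[:space:]]*)(SSLProtocol|SSLCipherSuite)([[:space:]])/\1#\2\3/' \
        "$conf.bak" > "$conf" || return 1
    printf '\n%s\n' "$HARDENED" >> "$conf"
}

# active_tls_lines FILE: print uncommented SSLProtocol / SSLCipherSuite lines.
active_tls_lines() {
    grep -E '^[[:space:]]*(SSLProtocol|SSLCipherSuite)[[:space:]]' "$1"
}

# Constructed sample resembling a stock ssl.conf (not copied from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 443 https
<VirtualHost _default_:443>
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
  #SSLHonorCipherOrder on
</VirtualHost>
EOF
}

demo=$(mktemp -d) && write_sample_conf "$demo/ssl.conf" \
    && harden_ssl_conf "$demo/ssl.conf" && active_tls_lines "$demo/ssl.conf"
rm -rf "$demo"
```

On a real host, run harden_ssl_conf against /etc/httpd/conf.d/ssl.conf with sudo and check the result with apachectl configtest before restarting Apache.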
4. Autorenewal For SSL Certificates
Let’s Encrypt certificates are short-lived and expire after 90 days, so you will have to renew them before they expire by running the following command.
You can automate this process by adding a cron job. Enter the following command to open the crontab.
Add the following lines to the end of the file. They run the command twice a day and renew the certificate if it is about to expire.
Conclusion
You have learned how to secure Apache with Let’s Encrypt SSL on CentOS 7 by using Certbot. If you have any queries regarding this please don’t forget to comment below.
Secure Nginx with Let’s Encrypt SSL on CentOS 7
By using Let’s Encrypt you can get a free, valid SSL certificate. Let’s Encrypt is the Certificate Authority (CA) that provides the free SSL certificate. The Certbot client is used to obtain it: Certbot fetches the certificate and deploys it on your server. In this tutorial, you are going to learn how to secure Nginx with Let’s Encrypt SSL on CentOS.
Before we begin
A Let’s Encrypt certificate can only be requested from the server the domain is pointing to. Let’s Encrypt checks whether the domain points to the current server and, if the check succeeds, issues the certificate.
Prerequisites
1. Before you start to secure Nginx with Let’s Encrypt SSL on CentOS 7 using the Certbot client, you must have a non-root user account on your server with sudo privileges.
2. Make sure your domain is pointing to the current server.
1. Install Certbot Client
To install the Certbot client you need to add the EPEL repository. To do so, type:
Now install the Certbot client by executing the following command:
Confirm the installation by typing:
2. Setup Firewall
If you are not running a firewall, skip this step.
You need to make sure ports 80 and 443 are open in your firewall. To open the ports in firewalld, use the following commands.
If your system is running iptables, you can run the following basic commands to enable traffic on port 80 and port 443.
3. Setting up Let’s Encrypt SSL on Nginx
Let’s Encrypt performs strong domain validation to verify ownership of the domain. After successful verification, it issues the certificate. In the command below, replace example with your domain name.
If this is the first time you are installing a certificate, Certbot will ask you to enter an email address and agree to the terms and conditions.
After the above step, Certbot will ask you to configure HTTPS settings.
Output
Select your choice and continue to the next step. We recommend choosing the Secure option if you don’t want to change the configuration file manually.
NOTE: All generated files are stored inside the /etc/letsencrypt/live directory.
Generate Strong Diffie-Hellman Parameters
The Diffie–Hellman (DH) key exchange method is used to exchange cryptographic keys securely over an unsecured communication channel. Generate strong DH parameters by using the following command. It will generate the dhparam.pem file.
Now you need to edit the Nginx configuration file.
You should paste the following code inside the server block.
Now check that the syntax is OK. To do so, type:
If there is no problem with the syntax, reload the Nginx configuration.
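A configuration check that complements the syntax test above, as an added example that is not from the original page: it lists server blocks that listen with TLS but have no ssl_dhparam line of their own. The sample configuration and the /etc/ssl/certs/dhparam.pem path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): list nginx server blocks that
# listen with TLS but have no ssl_dhparam directive of their own.
# Assumes "server {" sits on one line and no "#" or braces occur in strings.

# servers_missing_dhparam FILE: prints "server at line N" for each finding.
servers_missing_dhparam() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                  # ignore comments
        if (!in_srv && line ~ /^[ \t]*server[ \t]*[{]/) {
            in_srv = 1; start = NR; depth = 0; tls = 0; dh = 0
        }
        if (!in_srv) next
        if (line ~ /^[ \t]*listen[ \t][^;]*[ \t]ssl[ \t;]/) tls = 1
        if (line ~ /^[ \t]*ssl_dhparam[ \t]/) dh = 1
        # Track nesting so a location block does not end the server block early.
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (depth <= 0) {
            if (tls && !dh) print "server at line " start
            in_srv = 0
        }
    }' "$1"
}

# Constructed sample configuration; the paths are placeholders.
write_sample_nginx() {
    cat > "$1" <<'EOF'
server {
    listen 80;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;   # TLS, but no DH parameters configured
    location / {
        root /usr/share/nginx/html;
    }
}
server {
    listen 443 ssl http2;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
EOF
}

demo=$(mktemp -d) && write_sample_nginx "$demo/site.conf" \
    && servers_missing_dhparam "$demo/site.conf"
rm -rf "$demo"
```

The check looks only at directives inside each server block, so an ssl_dhparam set at the http level would still be reported for the blocks that inherit it.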
4. Autorenewal For SSL Certificates
Let’s Encrypt certificates are short-lived and expire after 90 days, so you will have to renew them before they expire by running the following command.
You can automate this process by adding a cron job. Enter the following command to open the crontab.
Add the following lines to the end of the file. They run the command twice a day and renew the certificate if it is about to expire.
Conclusion
You have learned how to secure Nginx with Let’s Encrypt SSL on CentOS 7 by using Certbot. If you have any queries regarding this please don’t forget to comment below.