How to set up Let’s Encrypt on CentOS
No site looks serious if it has a big red warning flag when you browse it. The solution to this is to enable HTTPS with a cert from a trusted certificate authority, such as Let’s Encrypt, which is free!
You’ll need a couple of things to get a certificate from Let’s Encrypt with this tutorial:
- A CentOS web server with nginx
- A domain which has an A-record pointed to the server
Installing CertBot
CertBot is Let’s Encrypt’s client for creating and authorizing certificates. On CentOS, install it by first enabling the EPEL repository:
$ yum install epel-release
And then install the package:
$ yum install certbot-nginx
CertBot can automatically configure certificates for nginx by looking at your nginx configuration files. To do this, it needs to find a server_name line in an nginx server block with the domain name you want a cert for. For example, our nginx configuration responds to example.com:
server_name example.com www.example.com;
Now it’s time to configure certbot to request the certificate:
$ certbot --nginx -d example.com -d www.example.com
It will ask you for an email address, and to agree to the terms of service. After that it will test whether Let’s Encrypt can connect to your server. If no problems are encountered, you will have a certificate, and nginx will be configured to use it. Test it out by connecting to your server over https:
https://example.com
Setting up auto-renewal
Since Let’s Encrypt certs only last for 90 days, you will want to automate the renewal process. This is done with cron.
Let’s start by setting up a daily renewal check:
$ crontab -e
Enter the following line:
15 3 * * * /usr/bin/certbot renew --quiet
This line means “run the following command every day at 3:15 AM.”
The renew command in certbot checks all Let’s Encrypt certificates on the server and renews those that expire in less than 30 days. The --quiet flag makes sure the command doesn’t output anything or wait for user interaction.
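To confirm the cron job is actually keeping a certificate fresh, the script below applies the same “fewer than 30 days left” rule certbot uses to any PEM certificate. This is an added example, not part of the tutorial or of certbot itself; it assumes openssl and GNU date are installed, and the path /etc/letsencrypt/live/example.com/cert.pem is where certbot stores the live certificate for the domain used in this tutorial.

```shell
#!/bin/sh
# Added example (not from the tutorial): mirror certbot's "renew when fewer
# than 30 days remain" rule so a cron-driven renewal can be verified.
# Assumes openssl and GNU date (for `date -d`).

RENEW_THRESHOLD_DAYS=30

# Print how many whole days remain before the certificate in $1 expires.
days_until_expiry() {
    cert="$1"
    # openssl prints e.g. "notAfter=Jun  1 12:00:00 2025 GMT"; strip the prefix.
    end=$(openssl x509 -in "$cert" -noout -enddate | sed 's/^notAfter=//')
    end_epoch=$(date -u -d "$end" +%s)
    now_epoch=$(date -u +%s)
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Succeed (exit 0) if the certificate is within the renewal window.
renewal_due() {
    days=$(days_until_expiry "$1")
    [ "$days" -lt "$RENEW_THRESHOLD_DAYS" ]
}

# Constructed sample input: a throwaway self-signed cert for example.com,
# valid for $1 days, standing in for the certbot-issued cert.pem.
make_test_cert() {
    days="$1"; out="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
        -days "$days" -subj "/CN=example.com" >/dev/null 2>&1
}

# Usage: sh check_renewal.sh /etc/letsencrypt/live/example.com/cert.pem
if [ -n "$1" ]; then
    left=$(days_until_expiry "$1")
    if renewal_due "$1"; then
        echo "$1: $left days left, renewal due"
    else
        echo "$1: $left days left, ok"
    fi
fi
```

Run it against the live cert.pem a day after the cron job was expected to fire: a freshly renewed certificate reports roughly 89 days left, while a stale one keeps counting down.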
Now we’re done! You’ve successfully configured an nginx server to use Let’s Encrypt certs.