As you know, in the previous article I showed you how to install LEMP on CentOS. You can read it here.
In today's article I will guide you through installing a Let's Encrypt SSL certificate on LEMP.
Install SSL Let’s Encrypt on LEMP using CentOS
I chose the Certbot client because it makes installing Let's Encrypt easy.
First, install the EPEL repository:
yum install epel-release
Now install certbot-nginx with the following command:
yum install certbot-nginx
Step 2: Redirect www to non-www with NGINX
In this case I will redirect www to the non-www domain.
When the domain was added, an nginx configuration file was created for it, for example /etc/nginx/domains/yourdomain.com.conf.
Create an nginx configuration file for the redirect (replace the domain name with yours):
nano /etc/nginx/domains/yourdomain.com.redirect.conf
Copy and paste this into it:
server {
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
}
Save and exit nano.
Restart nginx: systemctl restart nginx
Step 3: Obtain a certificate
Obtain the certificate and configure nginx for the domains you want:
certbot --nginx -d example.com -d www.example.com
If this is the first time you run it, it will ask for your email address. Next, it asks whether you want to receive emails.
Finally, it asks how to configure HTTPS; choose 2 (redirect HTTP to HTTPS) for safety.
Your website now has a Let's Encrypt certificate installed.
A Let's Encrypt certificate is only valid for 90 days, so you need to create a cron job that renews it automatically:
export VISUAL=nano; crontab -e
Add this line:
15 3 * * * /usr/bin/certbot renew --quiet
Meaning: run the renewal command every day at 3:15 am. If the certificate does not need renewing yet, it does nothing.
Step 4: Update Diffie-Hellman parameters
If you test the website with the SSL Labs Server Test now, you will only get a B grade.
To fix this, run the following command:
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Once it finishes, open the nginx configuration file for the domain:
nano /etc/nginx/domains/khamphaso.com.conf
Paste the following line into the server block:
ssl_dhparam /etc/ssl/certs/dhparam.pem;
By default, the configuration Certbot generates does not enable http2; you fix that as follows:
Step 5: Activate HTTP/2 for NGINX on CentOS
Currently, NGINX on CentOS has the following issue:
It is compiled against OpenSSL 1.0.2 or earlier, so popular browsers fall back to the old HTTP/1.1 protocol. You can read more about this problem in this article.
You can check this in more detail with the command nginx -V, which shows the OpenSSL version.
The only workaround is to compile nginx from source against a newer OpenSSL version. After that, your website will run over HTTP/2.
So in this article you have installed a Let's Encrypt certificate on CentOS for NGINX.
In general, CentOS currently ships an old OpenSSL version, which is what causes the HTTP/2 problems.
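The following POSIX sh helpers are an added example and are not part of the original article or of Certbot. They generate the www-to-non-www redirect block from Step 2 with the domain name validated first, and audit a site configuration for the two items the article adds by hand: the ssl_dhparam line from Step 4 and http2 on the 443 listener from Step 5. The two sample configurations are constructed here to show a block as certbot --nginx leaves it and the same block after the edits; all file paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article or from Certbot.
# Helpers to write the redirect block and to audit a site config for the
# hardening items the article adds by hand (ssl_dhparam, http2).

# Write the www -> non-www redirect server block for DOMAIN to OUTFILE.
# Only plain hostname characters are accepted, so a malformed value cannot
# smuggle extra nginx directives into the generated file.
write_redirect_conf() {
    domain=$1
    outfile=$2
    case "$domain" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    cat > "$outfile" <<EOF
server {
    server_name www.${domain};
    return 301 \$scheme://${domain}\$request_uri;
}
EOF
}

# Succeed if CONF sets ssl_dhparam to some file.
has_dhparam() {
    grep -Eq '^[[:space:]]*ssl_dhparam[[:space:]]+[^;[:space:]]+;' "$1"
}

# Succeed if CONF has a 443 listener with ssl and http2 on the same directive.
has_http2() {
    grep -Eq '^[[:space:]]*listen[[:space:]]+[^;]*443[^;]*ssl[^;]*http2[^;]*;' "$1"
}

# Print one line per check; return the number of failed checks (0 = clean).
audit_site_conf() {
    conf=$1
    failures=0
    if has_dhparam "$conf"; then
        echo "ok    ssl_dhparam present in $conf"
    else
        echo "FAIL  ssl_dhparam missing in $conf (SSL Labs caps the grade at B)"
        failures=$((failures + 1))
    fi
    if has_http2 "$conf"; then
        echo "ok    http2 enabled in $conf"
    else
        echo "FAIL  http2 not enabled on the 443 listener in $conf"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample: the shape of a server block as certbot --nginx leaves it
# (no dhparam, listen without http2). Paths are placeholders.
write_sample_certbot_conf() {
    cat > "$1" <<'EOF'
server {
    server_name example.com;
    root /var/www/example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
EOF
}

# Constructed sample: the same block after the article's manual edits.
write_sample_hardened_conf() {
    cat > "$1" <<'EOF'
server {
    server_name example.com;
    root /var/www/example.com;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
EOF
}

# Demo: audit both samples and print the generated redirect block.
demo_dir=$(mktemp -d)
write_sample_certbot_conf "$demo_dir/before.conf"
write_sample_hardened_conf "$demo_dir/after.conf"
audit_site_conf "$demo_dir/before.conf" || echo "before.conf: $? check(s) failed"
audit_site_conf "$demo_dir/after.conf" && echo "after.conf: clean"
write_redirect_conf example.com "$demo_dir/redirect.conf" && cat "$demo_dir/redirect.conf"
rm -rf "$demo_dir"
```

To use it on a real server, point audit_site_conf at /etc/nginx/domains/yourdomain.com.conf; a non-zero return means at least one of the two hardening edits is still missing. The redirect block deliberately omits a listen directive, as in the article, so nginx serves it on port 80 by default and certbot --nginx can add the 443 listener itself when you include www.example.com in the -d list.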