How To Install Lets Encrypt On Centos 7 Nginx
Purpose of Lets Encrypt
Lets Encrypt is a free and open-source encryption certificate authority that provides digital certificates to website owners in order to secure a website with TLS/SSL encryption and encrypt data that is transferred over the internet. This is particularly important for websites that store users’ confidential information, including names, passwords, and credit card numbers, as the encryption ensures that users’ data remains private and secure.
Before Lets Encrypt came into existence, website owners had to buy SSL certificates from third-party companies in order to secure their websites. These certificates were expensive and required website owners to constantly renew them. Lets Encrypt, on the other hand, provides free and automated certificates that can be installed on a web server and easily keep up to date.
Before installing Lets Encrypt, you need to have a few things in place. First, you must have a web server running the CentOS 7 operating system, with the Nginx web server, PHP, and MariaDB already installed.
You also must have your domain name pointed to your server. For example, if your domain is example.com, you need to configure your DNS records to point example.com and www.example.com to your server’s IP address.
If you want to use the automatic renewal feature of Lets Encrypt, you must also have an email address associated with your domain name.
Installation of Lets Encrypt Client
The first step in installing Lets Encrypt is to install the client, which will be used to generate the SSL certificate. We will be using the Certbot client, which will make the process a lot easier.
To install the Certbot client, SSH into your server and run the following command:
$ sudo yum -y install certbot
This will install the client. Once the installation is complete, you can move on to the next step.
Generating SSL Certificates
Once the Certbot client is installed, you can now generate the SSL certificate. To do this, you need to run the following command:
$ sudo certbot –nginx
You will be asked to enter your email address and agree to the Terms of Service. Once this is done, the command will generate the SSL certificate for you. It will also create a configuration file for Nginx that will contain the necessary settings for the certificate.
Now that you have the SSL certificate, you need to configure Nginx to use it. To do this, you need to edit the nginx.conf file, which is located in the /etc/nginx directory.
In the nginx.conf file, you need to add the following lines:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Replace example.com with your own domain name.
You also need to enable the force_ssl setting in the Nginx configuration file. To do this, add the following line to your Nginx configuration:
Enabling Automatic Renewal
Let’s Encrypt certificates expire after 90 days, so you need to renew them regularly. The Certbot client can be configured to do this automatically. To enable this, you need to add a cron job to your server.
To do this, open the crontab file with the following command:
$ sudo crontab -e
Then add the following line to the crontab file:
0 0 * * * certbot renew –pre-hook “sudo nginx -s reload”
This will renew the certificates on the first day of every month. When the certificates are renewed, Nginx will also be reloaded so that the new certificates are used.
Testing and Verification
Once you have installed Lets Encrypt, you need to test and verify that it is working properly. To do this, open your website in a web browser and look at the URL bar. If you see a green padlock icon, it means that the website is secure and you have successfully installed Lets Encrypt.
You can also use an SSL checker, such as SSL Labs, to verify that the certificate is working properly. Just enter your website URL and it will provide you with a detailed report of the SSL configuration. This will help you identify any potential issues with the installation.
Installing Lets Encrypt on CentOS 7 with Nginx is not difficult, and it will provide a lot of benefits, such as automatic renewal, improved security, and a boost to SEO rankings. With just a few steps, you can easily protect your website with an SSL certificate.
Thank you for reading this article. Please read other articles for further assistance.