This article covers how to use the certbot Let’s Encrypt client to obtain a free SSL certificate and use it with Nginx on CentOS 7.
Let's Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps.
Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx web servers.
To install the Certbot Let's Encrypt client:
1. Enable access to the EPEL repository on your server by typing:
$ sudo yum install epel-release
2. Once the repository has been enabled, you can obtain the certbot-nginx package by typing:
$ sudo yum install certbot-nginx
How to install Nginx on CentOS?
1. To install Nginx, run the command:
$ sudo yum install nginx
2. Then, start Nginx using systemctl:
$ sudo systemctl start nginx
How to configure the firewall on CentOS?
If you have a firewall enabled, make sure ports 80 and 443 are open to incoming traffic.
1. If you have a firewalld firewall running, you can open these ports by typing:
$ sudo firewall-cmd --add-service=http
$ sudo firewall-cmd --add-service=https
$ sudo firewall-cmd --runtime-to-permanent
2. If you have an iptables firewall running, the commands you need to run are highly dependent on your current rule set. For a basic rule set, you can add HTTP and HTTPS access by typing:
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
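Because the result depends on rule order, the following added sketch (not part of the original article) reads `iptables -S INPUT` output and checks that a port reaches an ACCEPT before any catch-all REJECT or DROP, which is what inserting with -I rather than appending with -A achieves. The function names and the sample rule set are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `iptables -S INPUT` text on stdin and exits 0 if new TCP
# connections to PORT reach an ACCEPT before a catch-all DROP/REJECT.
# Rules with matches this sketch does not model (-i, -s, multiport, ...) are skipped.
port_allowed() {
    awk -v port="$1" '
        BEGIN { result = -1 }
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; proto = ""; dport = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }   # rest are target options
                else if ($i == "-p") proto = $(++i)
                else if ($i == "--dport") dport = $(++i)
                else if ($i == "-m") { if ($(++i) !~ /^(tcp|state|conntrack)$/) other = 1 }
                else if ($i == "--state" || $i == "--ctstate") { if ($(++i) !~ /NEW/) other = 1 }
                else other = 1
            }
            if (other || (proto != "" && proto != "tcp")) next
            if (dport != "" && dport != port) next
            if (target == "ACCEPT") { result = 1; exit }
            if (target == "DROP" || target == "REJECT") { result = 0; exit }
        }
        # No decisive rule matched: the chain policy decides.
        END { if (result < 0) result = (policy == "ACCEPT"); exit (result ? 0 : 1) }'
}

# Constructed sample resembling a basic CentOS 7 rule set (not captured output).
POLICY='-P INPUT ACCEPT'
BASE='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
WEB='-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# check RULES PORT -> prints "open" or "blocked"
check() { if printf '%s\n' "$1" | port_allowed "$2"; then echo open; else echo blocked; fi; }

# Rule order after -I INPUT (web rules first) versus -A INPUT (after the REJECT).
INSERTED="$POLICY
$WEB
$BASE"
APPENDED="$POLICY
$BASE
$WEB"

for p in 80 443; do
    echo "inserted $p: $(check "$INSERTED" "$p")  appended $p: $(check "$APPENDED" "$p")"
done
```

On a live server, pipe the real rule set into the function instead of the sample, for example `sudo iptables -S INPUT | port_allowed 443`.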