Deploying Let’s Encrypt free SSL certificate for Nginx Web Server on CentOS Linux

As I am running the Nginx web server on CentOS Linux, here are the steps to deploy a free Let’s Encrypt SSL certificate.

Make sure that TLS SNI support is enabled on the Nginx web server:

# nginx -V
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled

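Now, download Certbot. Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for a web server. The --no-check-certificate option in the command below turns off wget's verification of the server certificate; drop it if your system's CA bundle can validate the download host.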

wget --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

I use certbot-auto -n just to install the certbot-auto package in non-interactive mode.

Next, run certbot-auto to obtain the certificates:

certbot-auto certonly --email [email protected] --agree-tos --webroot -w /var/www/ -d

You’ll see output like the following:

– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ Your cert will
expire on 2017-04-01. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
“certbot-auto renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt:
Donating to EFF:

Now, edit the Nginx configuration file:

vi /etc/nginx/nginx.conf

Next, add these lines into

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

Last, reload Nginx:

/etc/init.d/nginx reload
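
To show where the lines above fit, here is a complete pair of server blocks for the http section of /etc/nginx/nginx.conf. This is an added example, not the author's configuration: example.com is a placeholder domain, the fullchain.pem and privkey.pem names follow Certbot's standard live/ directory layout, and ssl_protocols is narrowed to TLSv1.2 because TLSv1 and TLSv1.1 are deprecated (RFC 8996).

```nginx
# Added example: example.com and every path containing it are placeholders.

# Port 80: keep the webroot challenge path reachable so renewals with
# --webroot keep working, and redirect everything else to HTTPS.
server {
    listen 80;
    server_name example.com;

    # certbot --webroot -w /var/www/ writes its challenge files under this path
    location /.well-known/acme-challenge/ {
        root /var/www/;
    }

    # Redirect to the fixed server name rather than the client-supplied Host header
    location / {
        return 301 https://example.com$request_uri;
    }
}

# Port 443: the TLS lines from the steps above, with full file paths.
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/;

    # Certificate plus intermediate chain, and the matching private key
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Stricter than the line shown earlier: TLSv1 and TLSv1.1 are left out
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
}
```

Run nginx -t to check the syntax before reloading.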
