How to Set Up Let’s Encrypt SSL with Nginx on a Linux CentOS 8 / RHEL Server

Some applications require a valid, installed SSL certificate before they can make API calls. Based on tests in a global network, NGINX works faster than Apache, so this tutorial shows how to install a Let's Encrypt SSL certificate on NGINX.

Let's Encrypt SSL certificates are valid in over 99% of browsers, and they are free. For an app that only needs a valid SSL certificate to connect to an API, or for a small website or blog, Let's Encrypt is an ideal option.

For this tutorial to work, you need:

A valid domain name;
A CentOS 8 server with a public IP that appears in the DNS A record of your domain name;
NGINX installed.

If you don't have NGINX installed, you can find a manual on how to install it here.

Installing and configuring snapd

It is better to use snapd to install and maintain Certbot. This way, Certbot is always kept up to date, and automatic certificate renewal is pre-configured. To install snapd, use the following commands:

dnf install -y epel-release; dnf install -y snapd

Enable and start snapd.

systemctl enable --now snapd.socket

Enable classic snap support.

ln -s /var/lib/snapd/snap /snap

Now reboot the system.

reboot

Make sure that the latest version of snapd is installed.

snap install core; snap refresh core

Installing the Certbot package

Before installing the Certbot package from snap, make sure that no other Certbot package is installed on the system.

dnf remove certbot

Now, install Certbot from snap.

snap install --classic certbot

Run the following command to make sure that the certbot command can be run.

ln -s /snap/bin/certbot /usr/bin/certbot

Obtaining and installing a Let’s Encrypt SSL certificate on Nginx automatically

We recommend configuring the Nginx virtual host by adding its configuration to the /etc/nginx/conf.d/ folder in a file with the .conf extension. If this is not done, the HTTPS configuration for the domain will be added to the nginx.conf file. Run the following command to begin the certificate acquisition process, and follow the instructions.

certbot --nginx

After the process completes successfully, restart Nginx.

systemctl restart nginx

The redirect from HTTP to HTTPS is configured automatically. You can now check the result by entering the domain name in the address bar of your browser.
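
A pre-flight check for the virtual host recommendation above, to run before certbot --nginx. This is an added example, not part of the original tutorial: it looks for a .conf file whose server_name lists the domain. The names find_vhost and make_sample, the domain example.com and the temporary sample directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find the conf.d file whose server_name lists a domain.
# find_vhost, make_sample and example.com are illustrative assumptions.

# find_vhost DIR DOMAIN
# Prints every *.conf file in DIR that has a server_name directive naming
# DOMAIN. Returns 0 if at least one file matches, 1 otherwise.
# Limitation: a server_name directive split over several lines is not handled.
find_vhost() {
    dir=$1 domain=$2 found=1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue               # glob matched nothing
        if awk -v d="$domain" '
            { sub(/#.*/, "") }                # ignore commented-out text
            $1 == "server_name" {
                for (i = 2; i <= NF; i++) {
                    name = $i
                    sub(/;$/, "", name)       # strip the closing semicolon
                    if (name == d) hit = 1
                }
            }
            END { exit !hit }' "$f"; then
            printf "%s\n" "$f"
            found=0
        fi
    done
    return "$found"
}

# Constructed sample: a throwaway directory standing in for /etc/nginx/conf.d.
make_sample() {
    tmp=$(mktemp -d)
    cat > "$tmp/example.com.conf" <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;   # both names on one line
    root /usr/share/nginx/html;
}
EOF
    printf '# server_name example.org;\n' > "$tmp/notes.conf"
    printf '%s\n' "$tmp"
}

sample=$(make_sample)
find_vhost "$sample" example.com || echo "example.com: no vhost file"
find_vhost "$sample" example.org || echo "example.org: no vhost file, create one first"
rm -rf "$sample"
```

On the server itself, call find_vhost /etc/nginx/conf.d with your own domain name in place of the sample directory and example.com.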

Automatic SSL certificate renewal

Automatic renewal of the SSL certificate is configured during the installation of Certbot from a snap. You can check if the timer is running using this command:

systemctl list-timers | grep certbot

If there is no output, try these locations:

cat /etc/crontab 
cat /etc/cron.*/*

You can also do a dry run of the automatic certificate renewal:

certbot renew --dry-run