Install SSL with Let’s Encrypt on Centos 7

Let’s Encrypt is an open certificate authority developed by the Internet Security Research Group (ISRG). Certificates issued by Let’s Encrypt are trusted by almost all browsers today. And what’s great is that it is free.

This tutorial provides a step by step instructions about how to secure your Nginx server with SSL.

Install Certbot

Certbot automate the obtaining and renewing Let’s Encrypt SSL certificates and configuring web servers.

The following command will install the certbot package:

Generate Strong Dh (Diffie-Hellman) Group

Diffie–Hellman key exchange (DH) is a method of securely exchanging cryptographic keys over an unsecured communication channel.

Generate a new set of 2048 bit DH parameters by typing the following command:

Obtaining a Let’s Encrypt SSL certificate

To simplify steps obtaining an SSL certificate for our domain let’s use the Webroot plugin that works by creating a temporary file for validating the requested domain in the ${webroot-path}/.well-known/acme-challenge directory.

To create the directory and make it writable for the Nginx server type the following commands:

Create the following two snippets to avoid boilerplate code which we’re going to include in all our Nginx server block files:

Reload the Nginx configuration to activate changes:

Type the following run Certbot command to obtain the SSL certificate files for your domain:

Auto renewal certificates

Run the next command, which will add a cron job to the default crontab:

Additional links

If you need more information about using Certbot, you can check the official Certbot documentation.


About Paul Smith

GoLang / PHP developer with more than 10 years experience in IT.