{"id":15070,"date":"2023-09-21T07:25:04","date_gmt":"2023-09-21T06:25:04","guid":{"rendered":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?p=15070"},"modified":"2023-12-13T11:27:09","modified_gmt":"2023-12-13T11:27:09","slug":"how-to-secure-nginx-with-lets-encrypt-on-centos-7","status":"publish","type":"post","link":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/","title":{"rendered":"How to Secure Nginx with Let&#8217;s Encrypt on CentOS 7?"},"content":{"rendered":"\n<p>Let&#8217;s Encrypt is a Certificate Authority (CA) that provides free TLS\/SSL certificates to help you enable encrypted HTTPS on web servers. Certbot is a software client that attempts to automate most (if not all) of the required steps to streamline the process. Currently, the entire process of obtaining and installing certificates is automated on both Apache and Nginx web servers.<\/p>\n\n\n\n<p>In this tutorial, we will demonstrate how to obtain a <a href=\"https:\/\/www.milesweb.co.uk\/web-security\/free-ssl-certificate\">free SSL certificate<\/a> for Nginx on CentOS 7 using the certbot Let&#8217;s Encrypt client. You will also learn how to automatically renew your SSL certificate.<\/p>\n\n\n\n<p>Note: In this tutorial, we will be using www.example.com as a sample registered domain name.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A CentOS 7 server with a non-root user that has sudo privileges.<\/li>\n\n\n\n<li>A registered domain for which you want to get <a href=\"https:\/\/www.milesweb.co.uk\/web-security\/ssl-certificates\">SSL certificates<\/a> installed. If you do not have one, MilesWeb offers domain registration services of your choice.<\/li>\n\n\n\n<li>A DNS \u201cA\u201d record pointing your domain to the public IP address of your server. Let\u2019s Encrypt requires this record. 
It uses the record to validate ownership of the registered domain.<\/li>\n\n\n\n<li>Once these prerequisites are in place, it\u2019s time to install the Let\u2019s Encrypt client software.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to Install SSL on Nginx Web Server?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Installing the Certbot Let\u2019s Encrypt Client<\/h3>\n\n\n\n<p>First, to use Let\u2019s Encrypt to obtain an SSL certificate, you need to install the certbot software on the server. The EPEL repository is the best way to install certbot.<\/p>\n\n\n\n<p>Before that, enable access to the EPEL repository by executing the following command:<\/p>\n\n\n\n<code>sudo yum install epel-release<\/code>\n\n\n\n<p>Once it is enabled, you can obtain the certbot-nginx package with the following command:<\/p>\n\n\n\n<code>sudo yum install certbot-nginx<\/code>\n\n\n\n<p>The certbot Let\u2019s Encrypt client is now installed and ready to use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Setting up Nginx<\/h3>\n\n\n\n<p>Nginx must be installed for the remaining steps. Run the following command in the terminal to install it:<\/p>\n\n\n\n<code>sudo yum install nginx<\/code>\n\n\n\n<p>Start Nginx with the following command:<\/p>\n\n\n\n<code>sudo systemctl start nginx<\/code>\n\n\n\n<p>Certbot can configure SSL for Nginx automatically, provided your configuration contains the correct server block. The server_name directive must match the domain name for which a certificate is requested. If you are just starting out, you can update the default Nginx configuration file using vi or your favorite text editor:<\/p>\n\n\n\n<code>sudo vi \/etc\/nginx\/nginx.conf<\/code>\n\n\n\n<p>Find the existing server_name line:<\/p>\n\n\n\n<code>server_name _;<\/code>\n\n\n\n<p>Next, replace the underscore with your registered domain name:<\/p>\n\n\n\n<code>server_name example.com www.example.com;<\/code>\n\n\n\n<p>Save the file and close the text editor. 
If you are using vi, enter :x, then y when prompted, to save and quit.<\/p>\n\n\n\n<p>Verify the syntax of your configuration edits:<\/p>\n\n\n\n<code>sudo nginx -t<\/code>\n\n\n\n<p>If the above command runs without errors, reload Nginx to load the new configuration. Use the following command:<\/p>\n\n\n\n<code>sudo systemctl reload nginx<\/code>\n\n\n\n<p>Next, we will update the firewall to allow HTTPS traffic to the website.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Updating the Firewall<\/h3>\n\n\n\n<p>If you are running the firewalld firewall, ensure that ports 80 (HTTP) and 443 (HTTPS) are open to accept website traffic. Execute the following commands to open these ports:<\/p>\n\n\n\n<code>sudo firewall-cmd --add-service=http<\/code>\n\n\n\n<code>sudo firewall-cmd --add-service=https<\/code>\n\n\n\n<code>sudo firewall-cmd --runtime-to-permanent<\/code>\n\n\n\n<p>If you are using an iptables firewall, the commands you need to run depend on your current rule set. For a basic rule set, you can add HTTP and HTTPS access by typing:<\/p>\n\n\n\n<code>sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT<\/code>\n\n\n\n<code>sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT<\/code>\n\n\n\n<p>It\u2019s time to run Certbot and fetch our certificates.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Obtaining a Certificate<\/h3>\n\n\n\n<p>Certbot provides several ways to obtain SSL certificates through plugins. The Nginx plugin takes care of reconfiguring Nginx for SSL when required. 
Run the following command to obtain the certificate and let the plugin reconfigure Nginx:<\/p>\n\n\n\n<code>sudo certbot --nginx -d example.com -d www.example.com<\/code>\n\n\n\n<p>This runs certbot with the --nginx plugin, using <strong><em>-d<\/em><\/strong> to specify the names for which the certificate should be valid.<\/p>\n\n\n\n<p>Upon running certbot for the first time, you will be asked to enter an email address and agree to the terms of service. Certbot will then communicate with the Let&#8217;s Encrypt server and run a challenge to verify that you control the domain. The configuration will be updated, and Nginx will reload to pick up the new settings. A message will appear once certbot has completed the process, telling you where your certificates are located:<\/p>\n\n\n\n<p><strong>Output<\/strong><\/p>\n\n\n\n<p><strong>IMPORTANT NOTES:<\/strong><\/p>\n\n\n\n<p>&nbsp;&#8211; Congratulations! Your certificate and chain have been saved at:<\/p>\n\n\n\n<code>\/etc\/letsencrypt\/live\/your_domain\/fullchain.pem<\/code>\n\n\n\n<p>&nbsp;&nbsp; Your key file has been saved at:<\/p>\n\n\n\n<code>\/etc\/letsencrypt\/live\/your_domain\/privkey.pem<\/code>\n\n\n\n<p>&nbsp;&nbsp; Your certificate will expire on 2022-10-20. To obtain a new or<\/p>\n\n\n\n<p>&nbsp;&nbsp; tweaked version of this certificate in the future, simply run<\/p>\n\n\n\n<p>&nbsp;&nbsp; certbot again with the &#8220;certonly&#8221; option. To non-interactively<\/p>\n\n\n\n<p>&nbsp;&nbsp; renew *all* of your certificates, run &#8220;certbot renew&#8221;<\/p>\n\n\n\n<p>&nbsp;&#8211; If you like Certbot, please consider supporting our work by:<\/p>\n\n\n\n<p>&nbsp;&nbsp; Donating to ISRG \/ Let&#8217;s Encrypt:&nbsp;<\/p>\n\n\n\n<p>https:\/\/letsencrypt.org\/donate<\/p>\n\n\n\n<p>&nbsp;&nbsp; Donating to EFF:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; https:\/\/eff.org\/donate-le<\/p>\n\n\n\n<p>Check the security indicator in your browser\u2019s address bar. 
It should show that the domain is properly secured.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Set Up Auto Renewal<\/h3>\n\n\n\n<p>Let\u2019s Encrypt certificates are valid for only ninety days. We recommend setting up an auto-renewal process. Open the crontab for editing with the following command:<\/p>\n\n\n\n<code>sudo crontab -e<\/code>\n\n\n\n<p>The default crontab file will be opened in your text editor. Paste in the following line, then save and close the file:<\/p>\n\n\n\n<p><code>Crontab<\/code><\/p>\n\n\n\n<p>. . .<\/p>\n\n\n\n<p><code>15 3 * * * \/usr\/bin\/certbot renew --quiet<\/code><\/p>\n\n\n\n<p>The 15 3 * * * part of this line means that the command which follows it should be run every day at 3:15 am. You may choose any time you like.<\/p>\n\n\n\n<p>With the renew command for Certbot, all certificates installed on the system will be checked and updated if they expire within thirty days. The --quiet option instructs Certbot not to output information or wait for user input.<\/p>\n\n\n\n<p>Cron will now run this command every day. In the event that a certificate expires in less than thirty days, it will be automatically renewed and reloaded.<\/p>\n\n\n\n<p><div class=\"vlt-box \">\n<div class=\"box-title\" style=\"background:#D5EAFF; color:#000\">Conclusion<\/div>\n<div class=\"box-content\" >\n<p>Securing Nginx web servers with a Let\u2019s Encrypt certificate gives clients a secure web browsing experience. If you have servers running CentOS 7 with Nginx installed on them, this tutorial is a must to follow. Also, auto-renewal of SSL certificates reduces the technical burden.<\/p>\n<\/div><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let&#8217;s Encrypt provides free TLS\/SSL certificates to help you enable encrypted HTTPS on web servers with the help of a Certificate Authority (CA). Certbot provides a software client that attempts to automate most (if not all) of the required steps to streamline the process. 
Currently, both Apache and Nginx web servers automate the entire process [&hellip;]<\/p>\n","protected":false},"author":35,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41],"tags":[614,425],"class_list":["post-15070","post","type-post","status-publish","format-standard","placeholder-for-hentry","category-howtos","tag-centos-7","tag-nginx-server"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Secure Nginx with Let&#039;s Encrypt on CentOS 7?<\/title>\n<meta name=\"description\" content=\"Secure the Nginx nameserver with SSL certificates by Let&#039;s Encrypt. Safeguard servers with CentOS 7 operating system in these easy steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Secure Nginx with Let&#039;s Encrypt on CentOS 7?\" \/>\n<meta property=\"og:description\" content=\"Secure the Nginx nameserver with SSL certificates by Let&#039;s Encrypt. 
Safeguard servers with CentOS 7 operating system in these easy steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting FAQs by MilesWeb\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-21T06:25:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-13T11:27:09+00:00\" \/>\n<meta name=\"author\" content=\"Jackson Lane\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jackson Lane\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/\",\"name\":\"How to Secure Nginx with Let's Encrypt on CentOS 7?\",\"isPartOf\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\"},\"datePublished\":\"2023-09-21T06:25:04+00:00\",\"dateModified\":\"2023-12-13T11:27:09+00:00\",\"author\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/1f580bdff0fa81720fae0fd0c3919758\"},\"description\":\"Secure the Nginx nameserver with SSL certificates by Let's Encrypt. 
Safeguard servers with CentOS 7 operating system in these easy steps.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Secure Nginx with Let&#8217;s Encrypt on CentOS 7?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\",\"name\":\"Web Hosting FAQs by MilesWeb\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/1f580bdff0fa81720fae0fd0c3919758\",\"name\":\"Jackson Lane\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/dd43b6ec8f85bdee32ceaac59c48807f?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/dd43b6ec8f85bdee32ceaac59c48807f?s=96&d=blank&r=g\",\"caption\":\"Jackson Lane\"},\"description\":\"I am an experienced Marketing Manager at MilesWeb UK, a leading web hosting company in the UK. 
With extensive knowledge in web hosting, WordPress, digital marketing, and web development, I'm committed to helping businesses succeed online. His expertise and enthusiasm for the digital world make him a valuable asset in the constantly changing field of online marketing.\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/jackson-lane\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Secure Nginx with Let's Encrypt on CentOS 7?","description":"Secure the Nginx nameserver with SSL certificates by Let's Encrypt. Safeguard servers with CentOS 7 operating system in these easy steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/","og_locale":"en_GB","og_type":"article","og_title":"How to Secure Nginx with Let's Encrypt on CentOS 7?","og_description":"Secure the Nginx nameserver with SSL certificates by Let's Encrypt. 
Safeguard servers with CentOS 7 operating system in these easy steps.","og_url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/","og_site_name":"Web Hosting FAQs by MilesWeb","article_published_time":"2023-09-21T06:25:04+00:00","article_modified_time":"2023-12-13T11:27:09+00:00","author":"Jackson Lane","twitter_misc":{"Written by":"Jackson Lane","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/","name":"How to Secure Nginx with Let's Encrypt on CentOS 7?","isPartOf":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website"},"datePublished":"2023-09-21T06:25:04+00:00","dateModified":"2023-12-13T11:27:09+00:00","author":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/1f580bdff0fa81720fae0fd0c3919758"},"description":"Secure the Nginx nameserver with SSL certificates by Let's Encrypt. 
Safeguard servers with CentOS 7 operating system in these easy steps.","breadcrumb":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/how-to-secure-nginx-with-lets-encrypt-on-centos-7\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/"},{"@type":"ListItem","position":2,"name":"How to Secure Nginx with Let&#8217;s Encrypt on CentOS 7?"}]},{"@type":"WebSite","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/","name":"Web Hosting FAQs by MilesWeb","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/1f580bdff0fa81720fae0fd0c3919758","name":"Jackson Lane","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/dd43b6ec8f85bdee32ceaac59c48807f?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dd43b6ec8f85bdee32ceaac59c48807f?s=96&d=blank&r=g","caption":"Jackson Lane"},"description":"I am an experienced Marketing Manager at MilesWeb UK, a leading web hosting company in the UK. With extensive knowledge in web hosting, WordPress, digital marketing, and web development, I'm committed to helping businesses succeed online. 
His expertise and enthusiasm for the digital world make him a valuable asset in the constantly changing field of online marketing.","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/jackson-lane\/"}]}},"views":0,"_links":{"self":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/15070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/comments?post=15070"}],"version-history":[{"count":4,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/15070\/revisions"}],"predecessor-version":[{"id":15156,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/15070\/revisions\/15156"}],"wp:attachment":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/media?parent=15070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/categories?post=15070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/tags?post=15070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}