It looks like you're new here. If you want to get involved, click one of these buttons!Sign In Register
It looks like you're new here. If you want to get involved, click one of these buttons!
Let's Encrypt allows you to install TLS/SSL certificated in a free and fully automated process.
In this guide, you will learn how to install a certificate from Let’s Encrypt on Centos 7 / AlmaLinux 8 with Nginx running as a web server.
Before enabling the Let's Encrypt certificate, make sure you have NGINX installed on your server. To install it, you can check our guide: How to install Nginx. This guide is suitable for AlmaLinux 8 too.
This step is for AlmaLinux 8 only. Skip this step if you are configuring Nginx on CentOS 7.
Run the following command to install updated GPG keys on AlmaLinux 8:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
Make sure to install EPEL repository if it's not installed yet:
yum install epel-release
After that install the certbot. On CentOS 7 run this command:
yum install certbot-nginx
On AlmaLinux 8 enter the following command:
dnf install certbot python3-certbot-nginx
Open the NGINX configuration file:
Find the line
server_name _; and change the underscore to your domain as showed in the example (change the "yourdomain.ltd" to your actual domain):
server_name yourdomain.ltd www.yourdomain.ltd;
Save the file and exit (pres "Esc", then type :wq and click "Enter").
Now run the following command:
Your changes of the configurations were verified. Now reload the NGINX:
systemctl reload nginx
Before enabling the certificate, make sure the 80 and 443 ports are opened on your firewall.
To open these ports on iptables, run the following commands:
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
If you using the firewalld, run these commands:
To issue SSL, run the following command (change the "yourdomain.ltd" to your domain):
certbot --nginx -d yourdomain.ltd -d www.yourdomain.ltd
While enabling a certificate, you will be prompted to enter an email, agree to the Terms of Service (mandatory), and agree or disagree to share your email address with Electronic Frontier Foundation (this is optional).
Certificate is valid for 90 days. To manually renew certificate run this command:
certbot renew --dry-run
However, it is way more comfortable to configure automatic renewal for your certificate. For that create a crontab:
Enter this line to the crontab:
- */12 * * * root /usr/bin/certbot renew >/dev/null 2>&1
Save changes and exit (pres "Esc", type :wq and click "Enter").
This command will automatically run twice a day and check if the certificates are less than 30 days away from the expiration date. If yes, it will be renewed automatically.
To check, if the SSL was installed successfully, run this command:
If the certificate was installed successfully, you will see this output:
README cert.pem chain.pem fullchain.pem privkey.pem
Also, you can just open your website, click on the padlock icon in the address and you should see information about your domain certificate.