How To install Nginx with Let's Encrypt on Rocky Linux 9

Michail, Moderator
edited September 30 in Linux Applications

Introduction

Nginx is a high-performance open-source web server that powers a huge number of high-load sites around the world. Nginx has gained widespread popularity due to its light weight, reliability, scalability, and ease of setup.

Today we will install Nginx together with Let's Encrypt on Rocky Linux 9.

Installation Guide

1. Update the system

First, update your system:

dnf update -y

2. Install Nginx

Run this command to install Nginx:

dnf install nginx -y

3. Start Nginx

Once Nginx is installed, run this command to start Nginx:

systemctl start nginx

To automatically start Nginx on every boot, run the following command:

systemctl enable nginx

4. Allow HTTP and HTTPS

Now you need to allow HTTP and HTTPS in your firewall. You can do this in IPtables or firewalld.

IPtables:

If you use IPtables, run these commands:

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Save changes:

iptables-save | tee /etc/sysconfig/iptables

Restart iptables to apply the changes:

systemctl restart iptables

Firewalld:

If you are using firewalld, run these commands to allow HTTP and HTTPS:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

5. Create a test HTML page

Create a folder for your domain (type your actual domain instead of your_domain):

mkdir -p /var/www/your_domain/html

Assign ownership of the directory:

chown -R $USER:$USER /var/www/your_domain/html

Create a simple HTML page to test the Nginx setup:

vi /var/www/your_domain/html/index.html

Paste this text:

  <html>
   Page for testing purposes
  </html>

Then restart Nginx to apply the changes:

systemctl restart nginx

6. Modify Nginx Server Block

Open the Nginx configuration file for your domain (type your actual domain instead of yourdomain.ltd):

vi /etc/nginx/conf.d/yourdomain.ltd.conf

Paste this content and change your_domain to your actual domain:

server {
    listen 80;
    listen [::]:80;

    root /var/www/your_domain/html;
    index index.html index.htm index.nginx-debian.html;

    server_name your_domain www.your_domain;

    location / {
        try_files $uri $uri/ =404;
    }
}

Save the file and exit (press "Esc", then type :wq and press "Enter").

Restart nginx for changes to take effect:

systemctl restart nginx

7. Install Let's Encrypt certificate

Run this command to install Certbot:

dnf install certbot python3-certbot-nginx -y

After that, you can obtain a certificate for your domain (type your actual domain instead of your_domain):

certbot --nginx -d your_domain -d www.your_domain

You will need to select the domain you want to secure and enter your email address to receive notifications from Let's Encrypt. You will also need to agree to the Terms of Service (mandatory) and agree or disagree to share your email address with the Electronic Frontier Foundation (optional).

After this you can open your web browser, go to the created test page and see if it opens with a valid SSL certificate (via HTTPS). Click on the padlock icon in the address bar to see information about the certificate.

8. Manual and automatic SSL renewal

Let's Encrypt certificates are valid for 90 days. You can renew them manually or automatically.

To renew manually, run this command:

certbot renew

If the certificate is less than 30 days away from expiration, this command will renew it.

If you want to set up auto-renewal, you can create a cron job to run the above command twice a day automatically:

crontab -e

Add this line to the crontab:

0 */12 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx

You're all set. When necessary, certbot will renew your certificates and reload Nginx to pick up the changes.
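Because the cron job above runs with --quiet, a failing renewal produces no visible output. The following added example (not part of the original guide) uses openssl to check whether a certificate file is inside the 30-day renewal window described above. The function names cert_status and make_test_cert are hypothetical, and /etc/letsencrypt/live/your_domain/fullchain.pem is assumed to be the certificate location (certbot's default).

```shell
#!/bin/sh
# Added example (not from the original guide): report whether a certificate
# is inside the 30-day window in which "certbot renew" should have replaced it.
# cert_status and make_test_cert are hypothetical helper names.

RENEW_WINDOW_DAYS=30

# cert_status FILE [DAYS]
# Prints: ok | renew | expired | unreadable. Returns 0 only for "ok".
cert_status() {
    cert=$1
    days=${2:-$RENEW_WINDOW_DAYS}
    # A missing file or non-certificate content fails to parse
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo unreadable; return 2
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo expired; return 1
    fi
    if ! openssl x509 -noout -checkend "$((days * 86400))" -in "$cert" >/dev/null 2>&1; then
        echo renew; return 1
    fi
    echo ok
}

# make_test_cert FILE DAYS
# Constructed self-signed certificate, used only to try cert_status offline.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=your_domain" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/your_domain/fullchain.pem
if [ -n "${1:-}" ]; then
    cert_status "$@"
fi
```

A result other than "ok" while the cron job is in place means renewal is not succeeding; running certbot renew --dry-run shows the reason without changing the installed certificate.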
