Set Up Let’s Encrypt SSL for Your Domains on CentOS 7 with NGINX


A while back I wrote a post on how you can install PHP7 with Nginx on a VPS server to get very good performance; you can find it here: WordPress Hosting – Install PHP7, Nginx and Virtualmin on CentOS 7.2.

In this article I will continue the series and show how you can use Let’s Encrypt to run an HTTPS website for free, with a valid certificate signed by a CA.

Let’s Encrypt is a free Certificate Authority that will generate a certificate for your domain and help you get your site running on HTTPS. Having your site running on HTTPS has further benefits, such as:

  • SEO – Google ranks sites that are on HTTPS higher; here you can find more details
  • HTTP2 – the new protocol is out and new browsers support it; HTTP2 can run only on HTTPS, here are more details
  • A more secure site – if you are running a membership site this is recommended

Steps to have your site running on HTTPS

I started from How To Secure Nginx with Let’s Encrypt on CentOS 7, but those are not the exact configurations needed when you are using Virtualmin and Nginx to host multiple sites. In this article I will go through all the steps I took to get bitdoze.org running on HTTPS.

Step 1 — Install Let’s Encrypt Client

As mentioned in the DigitalOcean article, the Let’s Encrypt client needs to be installed; the exact steps given there need to be followed:

Install Git and Bc

Clone Let’s Encrypt


Now you will have /opt/letsencrypt, the tool needed to generate the certificate.

Step 2 — Obtain a Certificate

You already have NGINX installed as part of the previous tutorial; what remains is to get the certificate. Before doing so, some configuration needs to be done in nginx.

Add .well-known to the domain

You will need to open /etc/nginx/nginx.conf and add the code below under the domain you want to run on HTTPS:


If it is not clear where the code should be added, just check the snapshot at the end of the article with the complete configs.

Restart Nginx

For the configuration to become active, NGINX needs to be restarted:


This needs to be done because Let’s Encrypt will use http://domain.com/.well-known to create the certificate.

Generate the certificate

The next action is to have the certificate created for your domain. To do so you will need the root path where the site's files live; for me it is: /home/bitdoze.org/public_html

Next you need to run:


Next you will be asked for your email address and to agree to the terms of service; if everything is OK, then:


Now you have the certificate files; you can check them:


Step 3 — Configure TLS/SSL on Web Server (Nginx)

Activate SSL but also keep port 80 open:


Add the SSL certificate and the new ssl_ciphers:


Redirect HTTP to HTTPS:


Restart Nginx


For a complete picture of how my server looks, check:
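
The pieces from Steps 2 and 3 assembled into one configuration, as an added example that is not the author's own snapshot. It assumes the Let's Encrypt client's default /etc/letsencrypt/live/ layout, uses separate server blocks for ports 80 and 443, and picks an illustrative protocol and cipher selection; the domain and webroot are the ones named in the article.

```nginx
# Added example, not the author's configuration. Lines marked "assumption"
# are illustrative values that do not come from the article.

# Port 80 stays open: it answers ACME challenges and redirects everything else.
server {
    listen 80;
    server_name bitdoze.org;
    root /home/bitdoze.org/public_html;      # webroot from Step 2

    # Challenge files written under the webroot by the Let's Encrypt client.
    # Served over plain HTTP so issuance works before any certificate exists.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else goes to HTTPS. The target host is hard-coded rather than
    # taken from the request, so a forged Host header cannot steer the redirect.
    location / {
        return 301 https://bitdoze.org$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name bitdoze.org;
    root /home/bitdoze.org/public_html;

    # assumption: default paths used by the Let's Encrypt client
    ssl_certificate     /etc/letsencrypt/live/bitdoze.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bitdoze.org/privkey.pem;

    # assumption: TLS 1.2 with forward-secret AEAD suites only; widen this
    # if you must support older clients
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Existing WordPress/PHP location blocks for the site go here unchanged.
}
```

Run `nginx -t` to validate the syntax before restarting, since a missing certificate file will stop the HTTPS server block from loading.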



Step 4 – WordPress Configurations

You will need to edit the wp-config.php file and add:


Just replace my site with your site.

Step 5 — Set Up Auto Renewal

The certificate expires after 90 days, so you will need to renew it. To do so you need to run:


To make the process automatic you need to add a script to crontab:


Add the script; you can run it every week or on whatever schedule you want. For every week: