Deploy HTTPS for Nginx Site Using Let’s Encrypt

CentOS is too old, yum packages are too old, fuck U CentOS. I’ll move to Debian now.

Preparations

  • CentOS 7
  • nginx (have configured the HTTP site already)

Deploy

Install Certbot, the Let’s Encrypt client

yum install certbot python2-certbot-nginx

Check certbot version:

certbot --version

This should print the certbot version.

Deploy HTTPS for Nginx site

certbot --nginx -d <yoursite.com>

Follow the prompts: enter your email address, agree to the agreements, and decline the advertising emails.

Restart nginx:

systemctl restart nginx

HTTPS is now deployed.

Verify the HTTPS certificate

Open <yoursite.com> in a browser to verify that HTTPS works.

Auto renew HTTPS certificate

Certificates issued by Let’s Encrypt are valid for 90 days, so we need to set up a cron job to renew the certificate automatically.

First, verify that the certificate can be renewed manually:

certbot renew --dry-run

Edit the crontab:

crontab -e

Renew the certificate at 3:15 am every day:

15 3 * * * /usr/bin/certbot renew --quiet

Check crontab configuration:

crontab -l
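
Because the cron job runs with --quiet, a renewal that keeps failing is easy to miss until the 90 days run out. The following is an added example, not part of the original post: a small external check that reads the certificate the site actually serves and flags it when it has slipped past the renewal window. The 30-day renewal window is certbot's default as an assumption not stated on this page, and the 7-day margin and the example.com host are hypothetical placeholders.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Assumption (not from the page): certbot's default is to renew once fewer than
# 30 days remain, so a healthy daily cron job keeps the live cert above that.
RENEW_WINDOW_DAYS = 30
ALERT_MARGIN_DAYS = 7  # hypothetical: failed nightly runs tolerated before alerting


def days_left(not_after, now=None):
    """Whole days until expiry; not_after is getpeercert()'s 'notAfter' string."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days


def renewal_status(not_after, now=None):
    """Classify a certificate by how far it has slipped past the renewal window."""
    left = days_left(not_after, now)
    if left < 0:
        return "EXPIRED"
    if left < RENEW_WINDOW_DAYS - ALERT_MARGIN_DAYS:
        return "RENEWAL_FAILING"  # cron should have renewed this days ago
    return "OK"


def fetch_not_after(host, port=443, timeout=10):
    """Return notAfter of the certificate the server presents (chain and name verified)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as err:
        # An expired or mismatched certificate fails the handshake itself.
        sys.exit(f"{host}: certificate rejected: {err.verify_message}")
    status = renewal_status(not_after)
    print(f"{host}: {status}, {days_left(not_after)} days left (notAfter={not_after})")
    sys.exit(0 if status == "OK" else 1)
```

Run it from a machine other than the web server, with the site name as the only argument; a non-zero exit code means the renewal job needs attention.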