In this tutorial, you will learn how to install Let’s Encrypt on CentOS 7 with Nginx. Let’s Encrypt is a free, automated, and open certificate authority developed by the Internet Security Research Group (ISRG). Certificates issued by Let’s Encrypt are valid for 90 days from the issue date. When finished, all traffic between server and client will be encrypted. We’ll use the certbot utility to obtain and renew Let’s Encrypt certificates.

  1. Update the system
yum -y update

2.  Install Nginx

yum -y install nginx

3.  Create Virtual Host

We will create a virtual host for the domain: A virtual host config file is required in this step. You can create it with nano and enter the following lines:

sudo nano /etc/nginx/conf.d/

then pasting the following contents inside:

server {
    listen 80;
    listen [::]:80;

    root /var/www/;

    index index.html;


    access_log /var/log/nginx/;
    error_log /var/log/nginx/;

    location / {
        try_files $uri $uri/ =404;

Create a document root to place your HTML files.

mkdir -p /var/www/

Place the HTML file inside the document root of your domain.

echo "You focus on your business, We take care of your Servers" > /var/www/

Change the permission of the directory.

sudo chown -R nginx:nginx /var/www/

Test the configuration file syntax with.

sudo nginx -t

Restart the Nginx .

sudo systemctl restart nginx

4.  Install certbot

Before installing certbot, make sure that you have EPEL repository activated by entering this command:

yum -y install epel-release

Make sure yum-utils is installed:

yum -y install yum-utils

Now install Certbot client by executing following command

sudo yum install httpd mod_ssl python-certbot-nginx

Now you create an SSL certificate using the following command (replace with your own domain name).

sudo certbot --nginx -d  -d

If everything goes well you should see the following output.

5.  Automatic Certificate Renewal

A good thing about using Let’s Encrypt is that you can set an automatic certificate renewal.

To set the automatic renewal, enter this following command:

crontab -e

Your text editor will open the default crontab which is an empty text file at this point. Paste in the following line, then save and close it:

15 3 * * * /usr/bin/certbot renew --quiet


That’s All. I hope you learned How to Install Let’s Encrypt Free SSL Certificate For Nginx on CentOS 7.