How to Setup Free Let’s Encrypt SSL Certificate for Nginx on CentOS 7

How to Setup Free Let's Encrypt SSL Certificate for Nginx on CentOS 7

Let’s Encrypt is an open Certificate Authority (CA) that offers free TLS/SSL certificates. Let’s Encrypt allow you to you set up a free SSL certificate on your web server. It is developed by the Internet Security Research Group (ISRG). In simple words, we can say Let’s Encrypt certificates are used to encrypt the communication of server and client.

In this tutorial, we will learn how to obtain and install the Let’s Encrypt SSL certificate with the Nginx web server.


  • Server with CentOS 7 Operating system.
  • Root user or another user with Sudo privilege.
  • Nginx web server must be in the running state.
  • You need to have a registered domain name for which you wish to issue the new Let’s Encrypt SSL certificate.
  • Add DNS records for the Domain. Without DNS records, certbot will not able to verify the domain.

Install the Certbot

  • Install the EPEL repository for package installation.
sudo yum install epel-release -y
  • Now install the certbot-nginx package.
sudo yum install certbot-nginx -y
  • Now check the status of the Nginx Web server.
sudo systemctl status nginx
Checking the Nginx service status

Obtain the Certificate

  • To request the SSL certificate, run the following command.
sudo certbot --nginx -d -d

For the first time, It will ask for a mail. Enter the mail ID and accept the terms and conditions. After obtaining the SSL certificate, it will show an output like this.

SSL certificates have been generated

Setting Up Auto Renewal

Certificates issued by the let’s encrypt are only valid for 90 days. After that it got expired then we need to reissue the SSL certificated again with the certbot command. To avoid this, we can set up auto-renewal of SSL. To set auto-renewal, use the following command.

To set auto-renewal, we need to set a cron in crontab.

  • To open the Crontab, run the following command.
sudo crontab -e
  • Enter the following data in crontab.
0 0 1 */2 *     /usr/bin/certbot renew --quiet


In this tutorial, we have learned about the Let’s Encrypt client certbot, and how we can use certbot to obtain and install the Free SSL on our domain in CentOS 7 with the Nginx web server.

If you guys have any queries related to this tutorial then let me know in the comments section.