Using SSL (short for Secure Socket Layer) is vital to keeping your site’s visitors safe as well as improving your webpage’s ranking on search engines. Without SSL, the data and information sent between your web server and your site’s visitors can be seen by third parties that are transmitting that data. With SSL, this data is encrypted, and only you and your visitors can see the information, keeping both sides safer.

Let’s Encrypt lets you set up an SSL certificate on your server for free. Their goal was to make SSL a commodity and give everyone the ability to have a safe and secure website. Let’s Encrypt makes the process of installing/renewing certificates easy for most users. This is very useful for making your website secure without needing the technical knowledge that is usually expected. Google and other search engines further encourage securing your website by giving websites that use SSL a higher ranking than websites without SSL.

In this guide, we will use the Certbot tool from EFF (https://certbot.eff.org).

Prerequisites

As a requirement, we need to install the Extra Packages for Enterprise Linux (EPEL) package. You will need a server or VPS running CentOS 7, and a user that has sudo privileges, or access to the root user itself. Assume the following commands described here are performed by the root user. Let’s install the EPEL package:

$ yum install epel-release

Then update the packages in the system to add the new package lists to the package manager:

$ yum update

1. Install and Start Nginx

If you haven’t done so already, install Nginx and start it:

$ yum install nginx

$ service nginx start

You can also set up Nginx to start automatically after the server boots up by running this command:

$ systemctl enable nginx

Now that our Nginx server is running, we can install Certbot.

2. Install Certbot

Now, we will install certbot by running this command:

$ yum install certbot-nginx

The next command will install a Let’s Encrypt SSL certificate using the Nginx plugin. This will automatically modify your Nginx configuration by adding the relevant lines containing the paths to the certificate and private key created by Certbot, before finally reloading Nginx.

$ certbot --nginx

Simply follow the guide that Certbot provides, enter your email, and your server should now have SSL set up!

3. Automating Renewal

A Let’s Encrypt-issued SSL certificate is valid for 90 days. However, we can automate the process of renewing the certificate by adding a cronjob that periodically checks the expiry status of the certificate and renews the certificate if needed.

In the command line, open your crontab file:

$ crontab -e

This will open a text editor where you can add the following:

0 2 * * * /usr/bin/certbot renew --quiet

This line says to run the certbot command at 2:00 am, every day. The –quiet option tells certbot not to produce any output. Save and exit from the editor.

Firewall settings (optional)

CentOS 7 comes with the default firewall program called firewalld. You may choose to completely disable this to guarantee that no connections will be stopped from/to your server. However, if you wish to use it on your system, you need to configure firewalld to allow HTTPS access to your server.

The following command configures firewalld to allow both HTTP and HTTPS connections.

$ firewall-cmd --permanent --add-service=http --add-service=https

Reload the the firewall in order for the changes to take effect:

$ firewall-cmd --reload

That’s all there is to it – you now have your firewall running while still allowing for HTTP and HTTPS requests to come through.

Congratulations! You have successfully set up Let’s Encrypt SSL using Certbot with Nginx support.

While Let’s Encrypt does make their certificate installation pretty straightforward, that’s not all that needs to be done on a website. Our fully managed CentOS support services provide you with complete and comprehensive support and maintenance for your server, including any requests you have for software installation and configuration. We do everything you could ever need for your server’s health and performance.

If this tutorial helped you set up Let’s Encrypt on your CentOS 7 server or VPS, please consider leaving a comment letting us know how it helped, or you can share this post on social media by using our share shortcuts. Thanks.

The post How to Install Let’s Encrypt on CentOS 7 with Nginx appeared first on LinuxHostSupport.

Let’s Encrypt has an automated installer called Certbot. With Certbot you can very easily add a certificate to your site in just a couple of minutes. Certbot can be used on both Nginx and Apache server and it is supported on various Linux distributions such us Ubuntu, Debian or CentOS. For the purposes of this tutorial, we will show you how to install Let’s Encrypt SSL certificate on Ubuntu 16.04 with Apache web server.

1. Install Certbot

To install Certbot, simply run the following commands:

apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache

2. Install Let’s Encrypt SSL Certificate

To install a Let’s Encrypt SSL certificate on your domain, execute the following command (make sure you replace ‘yourdomain.com’ with your actual domain name):

certbot --apache -d yourdomain.com

You will then be asked for an email address and to read and accept the Terms of Services. This is how the output should look like during the installation:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@yourdomain.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for yourdomian.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

3. Redirect HTTP to HTTPS

Additionally, you can also make a choice if you would like to redirect all the HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://yourdomain.com

4. Automatic renewal

You can also create a cron job in order to set up an automatic SSL renewal. To do this first run:

crontab -e

and then add the following:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save the file and close it. Restart the cron service so the changes can take effect:

service cron restart

That’s it. You can now open https://yourdomain.com in your browser and verify whether the Let’s Encrypt SSL certificate has been installed properly.

Of course, you don’t have to install Let’s Encrypt SSL Certificate using Certbot if you use one of our Linux Server Support Services in which case you can simply ask our expert Linux admins to install Let’s Encrypt using Certbot for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to install Let’s Encrypt SSL Certificate using Certbot, please share it with your friends on the social networks using the buttons on the right or simply leave a reply below. Thanks.

The post Install Let’s Encrypt SSL Certificates using Certbot appeared first on LinuxHostSupport.