News
New: Web Application Firewall (WAF) in Serverspace
Log in Sign up
Serverspace Black Friday
JH
Joe Harris
November 26 2020
Updated February 28 2025

How to Setup Let’s Encrypt SSL with Nginx on CentOS 8

CentOS Linux NGINX SSL Web server

In this tutorial we will show you how to provide an encrypted HTTPS connection for our site on the Nginx web server using a free Let’s Encrypt SSL certificate. Necessary conditions:

In the Serverspace you can create a server with already installed app "Nginx".

  • Domain name;
  • CentOS 8 server with public IP that appears in the DNS A record of your domain name;
  • Installed Nginx web server.

Installing and configuring snapd

It is better to use snapd to install and maintain Certbot. This way, it will always be updated, and automatic certificate renewal will be pre-configured. To install snapd, use the following commands:

dnf install epel-release; dnf install snapd

Enable and start snapd.

systemctl enable --now snapd.socket

Enable classic snap support.

ln -s /var/lib/snapd/snap /snap

Now reboot the system.

reboot

Check if the latest version of snapd is installed.

snap install core; snap refresh core

Installing the Certbot package

Before installing the Certbot package from snap, you must be sure that there is no other Certbot installed on the system.

dnf remove certbot

Now, install Certbot from snap.

snap install --classic certbot

Run the following command to make sure that Certbot will start.

ln -s /snap/bin/certbot /usr/bin/certbot

Automatic obtaining and installation of Let’s Encrypt SSL certificate on Nginx

We recommend configuring the Nginx virtual host by adding its configuration to the /etc/nginx/conf.d/ folder with the .conf extension. If this is not done, the HTTPS configuration for the domain will be added to the nginx.conf file. Execute the next command to begin the certificate acquisition process and follow the instructions.

certbot --nginx

After the process completes successfully, restart Nginx.

systemctl restart nginx

Redirect from HTTP to HTTPS is configured automatically. Now you can check the result by accessing the domain name in the address bar of your browser.

Automatic SSL certificate renewal

Automatic renewal of the SSL certificate is configured during the installation of Certbot from snap. You can check if the timer is running using this command:

systemctl list-timers | grep certbot

If there is no output, try these locations:

cat /etc/crontab
cat /etc/cron.*/*

You can also run a test run of auto-renewing your certificates:

certbot renew --dry-run

Vote:
5 out of 5
Аverage rating : 5
Rated by: 3
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
Installing and configuring snapd
Installing the Certbot package
Automatic obtaining and installation of Let’s Encrypt SSL certificate on Nginx
Automatic SSL certificate renewal

Thanks! Please indicate the reason for the low rating so that we can improve the article

Create account

or sign up with

By signing up you agree to the Terms of Service.

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.