CodeClouds Color Logo CodeClouds White Logo

WEB HOSTING | 06 November 2019

How to Install a Free SSL Certificate on a CentOS 7 Server with NGINX

In 2019, it’s so easy to get a basic form of SSL that no website should be without it, no matter the use. Not only is it best practice, a non encrypted connection now displays a warning in your browser, which makes loses user trust. In this blog post, we’ll go over how to install a Let’s Encrypt certificate on an NGINX based website.

How to Install a Free SSL certificate

Getting Started

Let’s Encrypt allows you to have an SSL certificate for free, and it with it there’s little excuse to not support SSL on any website, no matter how basic its intended function.

For this tutorial, we’ll be using a server with NGINX running on CentOS 7. Instructions for a different linux distro will be similar, however certain commands may be different.

There are many Let’s Encrypt certificate installers out there to choose from. For this tutorial we’ll be focusing on Certbot, one of the most popular solutions.

Installing Certbot

First, we need to add the EPEL repository.

sudo yum install epel-release

Now, you can install Certbot

sudo yum install certbot python2-certbot-nginx

Now, run the Certbot auto install for nginx

sudo certbot --nginx
Enter Email Address

You’ll be prompted for an email address that will receive renewal reminders and security notices. It’s suggested that while you use a separate email for things concerning the operation of your website, to forward these messages to another email or your mobile device so you don’t miss them.

Term And Condition

After reading and agreeing to the Terms of Service for Let’s Encrypt, you’ll also be greeted with the opportunity to sign up for emails from the electronic frontier foundation.


Next, a prompt will ask you if you’d like to receive emails from Certbot and the Electronic Frontier Foundation. You’ll probably want to deny, especially if you used an email that’s specifically for your website.

Enter Your Domain

Next, you’ll be prompted to enter the domain of the website. You must enter a domain name with an active A DNS record pointing to your webserver, it will not accept an IP address that you may be using for a test website.

A DNS record pointing

From here, you have two options. The first ensures https can function, but it will not force redirect all traffic to HTTPS, and allows HTTP to still function. The second forces all traffic to HTTPS. I always prefer option 2, just make sure it won’t break anything on an existing site. This avoids all browser side warnings about unsecure connections.

HTTPS connection manually

Once you’ve completed the process, you should be greeted with the above message.

Navigate to your website to test it, if you picked option 2 it should force you to HTTPS. If you chose option one you should choose an HTTPS connection manually.

HTTPS connection manually Encrypt SSL certificate on an NGINX website

That’s it! You’ve installed a basic Let’s Encrypt Free SSL certificate on an NGINX website.

If you need help upgrading your existing website, or need someone to make a new one for you, consider hiring offshore developers from CodeClouds.

Originally written November 06, 2019. Last updated September 8th, 2020


Written by Jacob Clancy

Jacob has a bachelor's degree in web development, and his interests and experience go beyond just coding.

  • facebook
  • twitter
  • linkedin
  • pinterest
  • whatsup
Related Articles
Shared Servers, Virtual Private Servers, and Serverless Computing Explained

WEB HOSTING | 22 June 2020

Shared Servers, Virtual Private Servers, and Serverless Computing Explained

Today we’re going over three types of servers- Shared Servers, Virtual Private Servers, and Serverless Computing.

Setting up Ghost with DigitalOcean: a step-by-step guide

WEB HOSTING | 11 June 2019

Setting up Ghost with DigitalOcean: a step-by-step guide

The Ghost blogging platform has huge potential but requires some technical knowhow-we go through the steps to help you launch your blog into the DigitalOcean in 10 minutes or less.