I tried to make the Nginx server website HTTPS with Let's Encrypt

Posted in tools, blogs on November 4, 2020 by Henk Verlinde ‐ 2 min read

Introduction

I wanted to be able to communicate with my site via HTTPS, so I tried using Let’s Encrypt, which issues certificates for free.

Environment

  1. CentOS 7
  2. nginx

Install Let’s Encrypt

  1. The client is fetched with git, so install git first if you haven't already.
[user@123-45-67-89 ~]# sudo yum install git

Clone the Let's Encrypt client

[user@123-45-67-89 ~]# git clone https://github.com/letsencrypt/letsencrypt.git
[user@123-45-67-89 ~]# cd letsencrypt
[user@123-45-67-89 letsencrypt]# ./letsencrypt-auto --help

Issue a certificate

[user@123-45-67-89 letsencrypt]# ./letsencrypt-auto certonly --standalone -d [Owned domain name]

You may get the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

This error occurs because the standalone authenticator starts its own HTTP server on port 80, and that port is already taken by a running web server. Stop nginx with the command below. If you are running Apache, stop it as well.

nginx -s stop

Run the command again:

[user@123-45-67-89 letsencrypt]# ./letsencrypt-auto certonly --standalone -d [Owned domain]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wiki.ricedoc.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[Owned domain]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[Owned domain]/privkey.pem
   Your cert will expire on 2019-08-08.
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Check that the certificate has been issued. Issuance succeeded if the following directory exists.

/etc/letsencrypt/live/[Owned domain]/

Edit nginx.conf

[user@123-45-67-89 letsencrypt]# vi /etc/nginx/nginx.conf

Add the following server block:

server {
    listen 443 ssl;
    server_name [Owned domain];
    ssl_certificate /etc/letsencrypt/live/[Owned domain]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[Owned domain]/privkey.pem;
}
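
A fuller version of that server block, as an added example (not the configuration from the original post): it redirects plain HTTP to HTTPS, limits the TLS versions, and serves the http-01 challenge path from a webroot so a certificate can be requested with `certonly --webroot -w /var/www/letsencrypt` while nginx keeps running, instead of stopping it for `--standalone`. Assumptions: `example.com` stands in for [Owned domain], and the two `root` directories are illustrative paths.

```nginx
# Added example: place inside the http { } block of /etc/nginx/nginx.conf.
# example.com stands in for [Owned domain]; both root paths are assumptions.

# Port 80: answer ACME http-01 challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name example.com;

    # Let's Encrypt fetches /.well-known/acme-challenge/<token> over plain
    # HTTP, so this one path must stay reachable without a redirect.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed directory, create it first
        default_type text/plain;
    }

    # Redirect to the fixed host name rather than echoing the Host header.
    location / {
        return 301 https://example.com$request_uri;
    }
}

# Port 443: the TLS site itself.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1. TLSv1.3 needs nginx 1.13.0+ built
    # against OpenSSL 1.1.1+; on older builds list TLSv1.2 only.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Reuse TLS sessions to avoid a full handshake on every connection.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;

    # HSTS: browsers that have seen this header refuse plain HTTP for the
    # host until max-age expires. Start small and raise it once HTTPS is stable.
    add_header Strict-Transport-Security "max-age=86400" always;

    root /usr/share/nginx/html;      # assumed document root
}
```

Check the syntax with `nginx -t` before starting or reloading nginx.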

Firewall settings

Configure your firewall to allow https.

[user@123-45-67-89 letsencrypt]# firewall-cmd --add-service=https --zone=public --permanent
[user@123-45-67-89 letsencrypt]# firewall-cmd --reload

Make sure your site is accessible via HTTPS. That's all. Good job for today.