Setup SSL/ HTTPS on NGINX on CentOS 8/ AlmaLinux 8/ RockyLinux 8

Installing SSL can usually be a very tedious process. Luckily for us, Certbot has an automated script to easily help us to get SSL/ HTTPS set up with a few command lines.

To start, install Certbot

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

sudo dnf install certbot python3-certbot-nginx

Once Certbot is installed, automatically generate an SSL certificate by running this command. You will be prompted with several inputs to fill in.

certbot --nginx

root@nginx \~# certbot --nginx

root@nginx \~# certbot --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Enter email address (used for urgent renewal and security notices)

(Enter 'c' to cancel): test@test.com


Please read the Terms of Service at

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must

agree in order to register with the ACME server. Do you agree?


(Y)es/(N)o: Y


Would you be willing, once your first certificate is successfully issued, to

share your email address with the Electronic Frontier Foundation, a founding

partner of the Let's Encrypt project and the non-profit organization that

develops Certbot? We'd like to send you email about our work encrypting the web,

EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: Y

Account registered.

Please enter the domain name(s) you would like on your certificate (comma and/or

space separated) (Enter 'c' to cancel): yourdomain.com

Requesting a certificate for yourdomain.com

Successfully received certificate.

Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem

Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem

This certificate expires on 2022-04-02.

These files will be updated when the certificate renews.

Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate

Successfully deployed certificate for yourdomain.com to /etc/nginx/conf.d/nginx.conf

Congratulations! You have successfully enabled HTTPS on yourdomain.evoxt.com

We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.


If you like Certbot, please consider supporting our work by:

* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate

* Donating to EFF: https://eff.org/donate-le


root@nginx \~#

With these set up, your domain's SSL setup should be complete.

Note: Your browser might still cache the old self-signed certificate, or the certificate will not update, hence still showing insecure SSL. To fix this, try clearing your browser's cache or try accessing your website with a different browser.

To check SSL status, try using this SSL Checker from Geocerts.

相关推荐
夜影风2 小时前
Redis集群创建时出现“Node xxx.xxx is not empty”问题处理
数据库·redis·缓存
姚不倒2 小时前
F5 SSL Profile 证书卸载深入篇
运维·网络协议·负载均衡·ssl·f5
utf8mb4安全女神2 小时前
【Redis数据库】哨兵集群/redis集群/安装配置/主从复制/数据持久化操作/数据结构/安全限制/PHP redis/
linux·服务器·数据结构·数据库·redis·缓存
烤代码的吐司君5 小时前
Redis IO 多路复用原理与引入原因深度解析
数据库·redis·php
念何架构之路6 小时前
moby-http-api-server
网络·网络协议·http
无小道6 小时前
Redis——redis和mysql的数据同步
数据库·redis·mysql
云栖梦泽在7 小时前
原生 IP、机房 IP、住宅 IP、广播 IP 有何不同?从网络身份到 ASN 识别的技术科普
网络·网络协议·tcp/ip·性能优化
宠友信息7 小时前
资源权限与钱包流水在即时通讯源码后端架构中的设计
java·spring boot·redis·websocket·缓存
_Jimmy_7 小时前
Redis.from_url()连接redis时,redis密码带有#号报错
redis
sukioe8 小时前
从 0 到 1 构建城市公共设施智能报修与派单系统:FastAPI + Vue3 + RabbitMQ + Redis Geo + AI 工作流实践
redis·rabbitmq·fastapi