This article shows you how to get a free site certificate from the Let’s Encrypt CA.
Optional step: install snapd. With snapd, you can install certbot.
Certbot is the tool to generate certificates for your website.
Add the EPEL repository to RHEL7:
sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Run update:
sudo yum update
Install snapd:
sudo yum install snapd
Once the install is complete, enable the snapd communication socket:
sudo systemctl enable --now snapd.socket
Ensure your snapd is up to date:
sudo snap install core; sudo snap refresh core
Enable the snapd service:
sudo systemctl enable snapd
To enable classic snap support:
sudo ln -s /var/lib/snapd/snap /snap
Verify the install:
snap version
List all apps installed through snap:
snap list
Once you have snapd installed, the next step is to use this tool to install certbot.
Use the snap command to install certbot:
sudo snap install --classic certbot
Let certbot generate the certificate and automatically update the nginx config:
sudo certbot --nginx
# Sample code generated in your /etc/nginx/nginx.conf file
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/your.site/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/your.site/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
According to the official certbot documentation, your certificates will be renewed automatically before they expire.
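Automatic renewal can stop working without any visible error until the certificate actually expires, so an independent expiry check is worth having. The script below is an added example, not part of the original article or of certbot; the function names and the 20-day threshold are assumptions, and it reads certificates from the /etc/letsencrypt/live layout shown in the nginx config above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the 20-day
# threshold are assumptions; the live/<name>/fullchain.pem layout is the one
# shown in the nginx config above.

# cert_expires_within FILE DAYS
# 0 = expires within DAYS days (or has expired), 1 = valid beyond that,
# 2 = FILE is unreadable or not a certificate.
cert_expires_within() {
    [ -r "$1" ] || return 2
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1
    then return 1
    fi
    return 0
}

# check_live_certs DIR DAYS
# Prints one line per DIR/<name>/fullchain.pem. Returns 1 if any certificate is
# expiring or unparsable, 2 if none was found, 0 otherwise.
check_live_certs() {
    found=0; bad=0
    for pem in "$1"/*/fullchain.pem; do
        [ -e "$pem" ] || continue
        found=1; name=$(basename "$(dirname "$pem")"); r=0
        cert_expires_within "$pem" "$2" || r=$?
        case $r in
            0) echo "WARN  $name: $(openssl x509 -in "$pem" -noout -enddate)"; bad=1 ;;
            1) echo "OK    $name" ;;
            *) echo "ERROR $name: cannot parse $pem"; bad=1 ;;
        esac
    done
    # No match usually means a wrong path or no permission to read DIR
    [ "$found" -eq 1 ] || { echo "ERROR no certificates under $1" >&2; return 2; }
    return "$bad"
}

# Demo on a constructed self-signed certificate valid for 10 days; it stands in
# for /etc/letsencrypt/live/your.site/fullchain.pem.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/your.site" || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=your.site" \
        -keyout "$tmp/your.site/privkey.pem" \
        -out "$tmp/your.site/fullchain.pem" 2>/dev/null
    rc=0; check_live_certs "$tmp" 20 || rc=$?
    rm -rf "$tmp"; return "$rc"
}
demo || true
```

On the server, run `check_live_certs /etc/letsencrypt/live 20` as root, for example from cron; `sudo certbot renew --dry-run` exercises the renewal path itself.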
Certbot forces HTTP requests to HTTPS. Below is a configuration example generated by certbot:
server {
    if ($host = your.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name your.site;
    return 404; # managed by Certbot
}
Clean up old certificates
Run the command below to list all certificates issued by certbot:
sudo certbot certificates
Use the command below to delete the ones no longer used. The name to pass is the "Certificate Name" shown in the list above:
sudo certbot delete --cert-name [certificatename]
