{"id":33655,"date":"2020-09-23T16:03:33","date_gmt":"2020-09-23T21:03:33","guid":{"rendered":"https:\/\/www.rosehosting.com\/blog\/?p=33655"},"modified":"2022-06-03T03:32:40","modified_gmt":"2022-06-03T08:32:40","slug":"how-to-install-lets-encrypt-on-centos-8-with-nginx","status":"publish","type":"post","link":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/","title":{"rendered":"How to Install Let\u2019s Encrypt on CentOS 8 With Nginx"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\n<figure class=\"wp-block-image size-full is-style-default\"><img decoding=\"async\" width=\"742\" height=\"372\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg\" alt=\"How to Install Let's Encrypt on CentOS 8 With Nginx\" class=\"wp-image-34295\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg 742w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx-300x150.jpg 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx-150x75.jpg 150w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/figure>\n\n\n\n<p>In this tutorial, we will explain how to install a free Let\u2019s Encrypt SSL certificate on a <a href=\"https:\/\/www.rosehosting.com\/centos-hosting.html\">CentOS 8 VPS<\/a> with Nginx as a web server.<\/p>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"alignright size-large\"><img decoding=\"async\" width=\"115\" height=\"115\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/configure-lets-encrypt-ssl-certificate-on-centos-8-vps.jpg\" alt=\"Configure Let's Encrypt SSL Certificate on CentOS 8 VPS\" class=\"wp-image-34296\"\/><\/figure><\/div>\n\n\n\n<p>Let&#8217;s Encrypt is a free, open-source and non-profit certificate authority that provides free SSL certificates for websites to enable TLS encryption. It was developed by the Internet Security Research Group (ISRG) and trusted by all major browsers. It is used to automate the process of certificate creation, validation, signing, implementation, and renewal of certificates for secure websites.<\/p>\n\n\n\n<p>The main aim of Let&#8217;s Encrypt is to promote the use of SSL across the web and make encrypted connections throughout the Internet, keeping everyone safer in the process. The certificate is valid for only 90 days, so you will need to renew it manually or or set up the auto renewal system, which should be enabled by default.<\/p>\n\n\n\n<p>Currently, Let\u2019s encrypt supports automated certification issuance for Apache, Nginx, Plex, and HAproxy, which should cover almost everyone&#8217;s use case. Let&#8217;s start with our install guide.<\/p>\n\n\n\n<!--more-->\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-662c0cc24a0a9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-662c0cc24a0a9\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Prerequisites\" title=\"Prerequisites\">Prerequisites<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-1-Log-in-and-Update-Packages\" title=\"Step 1: Log in and Update Packages\">Step 1: Log in and Update Packages<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-2-Install-Nginx-and-PHP\" title=\"Step 2: Install Nginx and PHP\">Step 2: Install Nginx and PHP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-3-Configure-PHP-FPM\" title=\"Step 3: Configure PHP-FPM\">Step 3: Configure PHP-FPM<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-4-Create-an-Nginx-Virtual-Host\" title=\"Step 4: Create an Nginx Virtual Host\">Step 4: Create an Nginx Virtual Host<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-5-Install-the-Certbot-Client\" title=\"Step 5: Install the Certbot Client\">Step 5: Install the Certbot Client<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-6-Access-Your-Website\" title=\"Step 6: Access Your Website\">Step 6: Access Your Website<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#Step-7-Set-up-Automatic-Renewal\" title=\"Step 7: Set up Automatic Renewal\">Step 7: Set up Automatic Renewal<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\" id=\"h-prerequisites\"><span class=\"ez-toc-section\" id=\"Prerequisites\"><\/span>Prerequisites<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul><li>For the purpose of this tutorial, we will use a <a href=\"https:\/\/www.rosehosting.com\/centos-hosting.html\">CentOS 8 VPS<\/a>.<\/li><li>Full SSH root access or a user with sudo privileges is also required. Our VPSes all come with root access included by default at no extra cost.<\/li><li>A valid domain name is pointed towards your VPS IP address.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-1-log-in-and-update-packages\"><span class=\"ez-toc-section\" id=\"Step-1-Log-in-and-Update-Packages\"><\/span>Step 1: Log in and Update Packages<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First, we\u2019re going to need to log into our server using SSH. You can do that by entering this command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh root@IP_Address -p Port_Number<\/pre>\n\n\n\n<p>Remember to replace &#8220;root&#8221; with your username if you are not using the root user. Change &#8220;IP_Address&#8221; and &#8220;Port_Number&#8221; according to your server\u2019s IP address and SSH port number. The default SSH port number is 22.<\/p>\n\n\n\n<p>Once you are logged in, you should update all of your packages to their latest available versions.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dnf update -y<\/pre>\n\n\n\n<p>Once the updates are completed, restart your system to apply the changes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-2-install-nginx-and-php\"><span class=\"ez-toc-section\" id=\"Step-2-Install-Nginx-and-PHP\"><\/span>Step 2: Install Nginx and PHP<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First, install the Nginx webserver and PHP by running the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dnf install nginx php php-fpm php-cli -y<\/pre>\n\n\n\n<p>Once all packages are installed, start the Nginx and PHP-FPM services and enable them to start at boot with the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl start nginx\nsystemctl enable nginx\nsystemctl start php-fpm\nsystemctl enable php-fpm<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-3-configure-php-fpm\"><span class=\"ez-toc-section\" id=\"Step-3-Configure-PHP-FPM\"><\/span>Step 3: Configure PHP-FPM<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>By default, PHP-FPM is configured to run as the Apache user and group. In this tutorial, we will use the Nginx webserver. This means that you will need to configure PHP-FPM to run as an Nginx user and group.<\/p>\n\n\n\n<p>To do so, edit the PHP-FPM configuration file:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano \/etc\/php-fpm.d\/www.conf<\/pre>\n\n\n\n<p>Change the user and group value from <code>apache<\/code> to <code>nginx<\/code>, as shown below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">user = nginx\ngroup = nginx\n<\/pre>\n\n\n\n<p>Save and close the file when you are finished. Then, restart the PHP-FPM service to apply the changes:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart php-fpm<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-4-create-an-nginx-virtual-host\"><span class=\"ez-toc-section\" id=\"Step-4-Create-an-Nginx-Virtual-Host\"><\/span>Step 4: Create an Nginx Virtual Host<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Before starting, create a sample website for Nginx.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir \/var\/www\/html\/yourdomain.com<\/pre>\n\n\n\n<p>Next, create a sample PHP file inside the website directory and open it with your preferred text editor:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano \/var\/www\/html\/yourdomain.com\/index.php<\/pre>\n\n\n\n<p>Add the following lines to the file:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;?php\nphpinfo();\n?&gt;\n<\/pre>\n\n\n\n<p>Save and close the file, then set the ownership of your website to <code>nginx<\/code> with the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">chown -R nginx:nginx \/var\/www\/html\/yourdomain.com\/<\/pre>\n\n\n\n<p>Next, create a new Nginx virtual host configuration file that will serve your website:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano \/etc\/nginx\/conf.d\/yourdomain.com.conf<\/pre>\n\n\n\n<p>Add the following lines:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">server {\nserver_name <span class=\"has-inline-color has-vivid-red-color\">yourdomain.com<\/span>;\nroot \/var\/www\/html\/<span class=\"has-inline-color has-vivid-red-color\">yourdomain.com<\/span>;\nlocation \/ {\nindex index.php;\n}\naccess_log \/var\/log\/nginx\/<span class=\"has-inline-color has-vivid-red-color\">yourdomain<\/span>.access.log;\nerror_log \/var\/log\/nginx\/<span class=\"has-inline-color has-vivid-red-color\">yourdomain<\/span>.error.log;\nlocation ~ \\.php$ {\nfastcgi_pass unix:\/run\/php-fpm\/www.sock;\nfastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\ninclude \/etc\/nginx\/fastcgi_params;\n}\n}\n<\/pre>\n\n\n\n<p>Make sure you replace all instances of <code>yourdomain<\/code> with your registered domain name.<\/p>\n\n\n\n<p>Save and close the file, then check the Nginx configuration file for any syntax errors with the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nginx -t<\/pre>\n\n\n\n<p>You should see the following output:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok\nnginx: configuration file \/etc\/nginx\/nginx.conf test is successful\n<\/pre>\n\n\n\n<p>Next, restart the Nginx service to apply the configuration changes:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart nginx<\/pre>\n\n\n\n<p>Your web server should now be up and running.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-5-install-the-certbot-client\"><span class=\"ez-toc-section\" id=\"Step-5-Install-the-Certbot-Client\"><\/span>Step 5: Install the Certbot Client<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In order to generate a Let\u2019s Encrypt certificate for your website, you will need to install the Certbot client in your system.<\/p>\n\n\n\n<p>The Certbot is a command-line tool used to simplifies the process for obtaining and renewing Let\u2019s Encrypt SSL certificates for your website.<\/p>\n\n\n\n<p>By default, Certbot package is not available in the CentOS standard repository. So you will need to download it from the vendor\u2019s website.<\/p>\n\n\n\n<p>You can download and install it with the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">wget https:\/\/dl.eff.org\/certbot-auto\nmv certbot-auto \/usr\/local\/bin\/certbot-auto\nchmod 0755 \/usr\/local\/bin\/certbot-auto<\/pre>\n\n\n\n<p>Once the Certbot has been installed, run the following command to obtain and install an SSL certificate for your website:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">certbot-auto --nginx -d yourdomain.com<\/pre>\n\n\n\n<p>The above command will first install all of the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the terms of service, as shown below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nPlugins selected: Authenticator nginx, Installer nginx\nEnter email address (used for urgent renewal and security notices)\n(Enter 'c' to cancel): admin@yourdomain.com\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(A)gree\/(C)ancel: A\n- - - - - - -  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: N<\/pre>\n\n\n\n<p>Type N if you don&#8217;t wish to share your email to the EFF, then hit Enter to continue. Once the certificate has been installed, you should see the following output:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Obtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for yourdomain.com\nWaiting for verification...\nCleaning up challenges\nDeploying Certificate to VirtualHost \/etc\/nginx\/conf.d\/yourdomain.com.conf\nRedirecting all traffic on port 80 to ssl in \/etc\/nginx\/conf.d\/yourdomain.com.conf\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nCongratulations! You have successfully enabled https:\/\/yourdomain.com\nYou should test your configuration at:\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=yourdomain.com\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nIMPORTANT NOTES:\n- Congratulations! Your certificate and chain have been saved at:\n\/etc\/letsencrypt\/live\/yourdomain.com\/fullchain.pem\nYour key file has been saved at:\n\/etc\/letsencrypt\/live\/yourdomain.com\/privkey.pem\nYour cert will expire on 2020-08-30. To obtain a new or tweaked\nversion of this certificate in the future, simply run certbot-auto\nagain with the \"certonly\" option. To non-interactively renew *all*\nof your certificates, run \"certbot-auto renew\"\n- Your account credentials have been saved in your Certbot\nconfiguration directory at \/etc\/letsencrypt. You should make a\nsecure backup of this folder now. This configuration directory will\nalso contain certificates and private keys obtained by Certbot so\nmaking regular backups of this folder is ideal.\n- If you like Certbot, please consider supporting our work by:\nDonating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\nDonating to EFF:                    https:\/\/eff.org\/donate-le\n- We were unable to subscribe you the EFF mailing list because your\ne-mail address appears to be invalid. You can try again later by\nvisiting https:\/\/act.eff.org.\n<\/pre>\n\n\n\n<p>Now, your website is secured with Let&#8217;s Encrypt SSL. You can test your SSL certificate using an online tool.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-6-access-your-website\"><span class=\"ez-toc-section\" id=\"Step-6-Access-Your-Website\"><\/span>Step 6: Access Your Website<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Now, open your web browser and access your website securely using the URL <code>https:\/\/yourdomain.com<\/code>.<\/p>\n\n\n\n<p>You should see the following page:<\/p>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter\"><img decoding=\"async\" width=\"1024\" height=\"566\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/06\/p1-1-1024x566.png\" alt=\"\" class=\"wp-image-33657\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/06\/p1-1-1024x566.png 1024w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/06\/p1-1-300x166.png 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/06\/p1-1-150x83.png 150w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/06\/p1-1-768x424.png 768w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/06\/p1-1.png 1131w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p>In the above page, you should be able to see that the site is properly secured, usually with a green lock icon on the left edge of the address bar.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-step-7-set-up-automatic-renewal\"><span class=\"ez-toc-section\" id=\"Step-7-Set-up-Automatic-Renewal\"><\/span>Step 7: Set up Automatic Renewal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Now that we have installed Let&#8217;s Encrypt on our CentOS 8 VPS, we&#8217;ll need to make sure that our certificate stays renewed and valid.<\/p>\n\n\n\n<p>By default, Let\u2019s Encrypt certificates are valid for 90 days. It is recommended to renew the certificate before it expires since an expired certificate will give users a safety warning when they try to visit your website. <\/p>\n\n\n\n<p>You can test the renewal process manually with the following command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">certbot-auto renew --dry-run<\/pre>\n\n\n\n<p>The above command will automatically check the currently installed certificates and tries to renew them if they are less than 30 days away from the expiration date.<\/p>\n\n\n\n<p>You can also add a cronjob to automatically run the above command twice a day.<\/p>\n\n\n\n<p>To do so, edit the crontab file with the following command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">crontab -e<\/pre>\n\n\n\n<p>Add the following line:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">* *\/12 * * *   root \/usr\/local\/bin\/certbot-auto renew &gt;\/dev\/null 2&gt;&amp;1<\/pre>\n\n\n\n<p>You can always change the interval of this cronjob if twice a day is too often by adjusting the values on the far left.<\/p>\n\n\n\n<p>Save and close the file. Now your certificate will be renewed regularly. Congratulations! You have now installed Let&#8217;s Encrypt on your CentOS 8 server with Nginx.<\/p>\n\n\n\n<hr class=\"wp-block-separator is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"alignleft size-large\"><img decoding=\"async\" width=\"115\" height=\"115\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/managed-ssl-website-support-by-experts-for-centos-vps.jpg\" alt=\"\" class=\"wp-image-34297\"\/><\/figure><\/div>\n\n\n\n<p>Setting up a website with all of the plugins and features that you need can take a lot of time and effort that you could be spending on running your business. If you use one of our <a href=\"https:\/\/www.rosehosting.com\/centos-hosting.html\" target=\"_blank\" rel=\"noreferrer noopener\">managed CentOS 8 hosting<\/a> services, we&#8217;ll do all of the grunt work for you. From server maintenance to installation and configuration requests, we cover everything you need to keep your server in top form, all at no additional cost.<\/p>\n\n\n\n<p><strong><span style=\"color: #ff0000;\"><\/span><\/strong>If this tutorial helped you configure your Nginx website with SSL on your CentOS 8 VPS, please consider leaving a comment in our comments section, or share this post on social media by using our share shortcuts. Thank you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we will explain how to install a free Let\u2019s Encrypt SSL certificate on a CentOS 8 VPS &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"How to Install Let\u2019s Encrypt on CentOS 8 With Nginx\" class=\"read-more button\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#more-33655\" aria-label=\"Read more about How to Install Let\u2019s Encrypt on CentOS 8 With Nginx\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":34295,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1699,13],"tags":[1838,1632],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Install Let&#039;s Encrypt on CentOS 8 With Nginx | RoseHosting<\/title>\n<meta name=\"description\" content=\"Our step-by-step guide will show you how to install Let&#039;s Encrypt and add an SSL certificate on your CentOS 8 server using Nginx.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Install Let&#039;s Encrypt on CentOS 8 With Nginx | RoseHosting\" \/>\n<meta property=\"og:description\" content=\"Our step-by-step guide will show you how to install Let&#039;s Encrypt and add an SSL certificate on your CentOS 8 server using Nginx.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\" \/>\n<meta property=\"og:site_name\" content=\"RoseHosting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RoseHosting\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/rosehosting.helpdesk\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-23T21:03:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-03T08:32:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"742\" \/>\n\t<meta property=\"og:image:height\" content=\"372\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:site\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\"},\"author\":{\"name\":\"Jeff Wilson\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713\"},\"headline\":\"How to Install Let\u2019s Encrypt on CentOS 8 With Nginx\",\"datePublished\":\"2020-09-23T21:03:33+00:00\",\"dateModified\":\"2022-06-03T08:32:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\"},\"wordCount\":1106,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg\",\"keywords\":[\"centos 8\",\"Let's Encrypt\"],\"articleSection\":[\"CentOS\",\"Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\",\"name\":\"How to Install Let's Encrypt on CentOS 8 With Nginx | RoseHosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg\",\"datePublished\":\"2020-09-23T21:03:33+00:00\",\"dateModified\":\"2022-06-03T08:32:40+00:00\",\"description\":\"Our step-by-step guide will show you how to install Let's Encrypt and add an SSL certificate on your CentOS 8 server using Nginx.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg\",\"contentUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg\",\"width\":742,\"height\":372,\"caption\":\"How to Install Let's Encrypt on CentOS 8 With Nginx\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.rosehosting.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Install Let\u2019s Encrypt on CentOS 8 With Nginx\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#website\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/\",\"name\":\"RoseHosting\",\"description\":\"Premium Linux Tutorials Since 2001\",\"publisher\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#organization\",\"name\":\"RoseHosting\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png\",\"contentUrl\":\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png\",\"width\":192,\"height\":192,\"caption\":\"RoseHosting\"},\"image\":{\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RoseHosting\",\"https:\/\/x.com\/rosehosting\",\"https:\/\/www.linkedin.com\/in\/rosehosting\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713\",\"name\":\"Jeff Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g\",\"caption\":\"Jeff Wilson\"},\"description\":\"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.\",\"sameAs\":[\"https:\/\/www.rosehosting.com\",\"https:\/\/www.facebook.com\/rosehosting.helpdesk\"],\"url\":\"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Install Let's Encrypt on CentOS 8 With Nginx | RoseHosting","description":"Our step-by-step guide will show you how to install Let's Encrypt and add an SSL certificate on your CentOS 8 server using Nginx.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/","og_locale":"en_US","og_type":"article","og_title":"How to Install Let's Encrypt on CentOS 8 With Nginx | RoseHosting","og_description":"Our step-by-step guide will show you how to install Let's Encrypt and add an SSL certificate on your CentOS 8 server using Nginx.","og_url":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/","og_site_name":"RoseHosting","article_publisher":"https:\/\/www.facebook.com\/RoseHosting","article_author":"https:\/\/www.facebook.com\/rosehosting.helpdesk","article_published_time":"2020-09-23T21:03:33+00:00","article_modified_time":"2022-06-03T08:32:40+00:00","og_image":[{"width":742,"height":372,"url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg","type":"image\/jpeg"}],"author":"Jeff Wilson","twitter_card":"summary_large_image","twitter_creator":"@rosehosting","twitter_site":"@rosehosting","twitter_misc":{"Written by":"Jeff Wilson","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#article","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/"},"author":{"name":"Jeff Wilson","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713"},"headline":"How to Install Let\u2019s Encrypt on CentOS 8 With Nginx","datePublished":"2020-09-23T21:03:33+00:00","dateModified":"2022-06-03T08:32:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/"},"wordCount":1106,"commentCount":0,"publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg","keywords":["centos 8","Let's Encrypt"],"articleSection":["CentOS","Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/","url":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/","name":"How to Install Let's Encrypt on CentOS 8 With Nginx | RoseHosting","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg","datePublished":"2020-09-23T21:03:33+00:00","dateModified":"2022-06-03T08:32:40+00:00","description":"Our step-by-step guide will show you how to install Let's Encrypt and add an SSL certificate on your CentOS 8 server using Nginx.","breadcrumb":{"@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#primaryimage","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2020\/09\/how-to-install-lets-encrypt-on-centos-8-with-nginx.jpg","width":742,"height":372,"caption":"How to Install Let's Encrypt on CentOS 8 With Nginx"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosehosting.com\/blog\/how-to-install-lets-encrypt-on-centos-8-with-nginx\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rosehosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Install Let\u2019s Encrypt on CentOS 8 With Nginx"}]},{"@type":"WebSite","@id":"https:\/\/www.rosehosting.com\/blog\/#website","url":"https:\/\/www.rosehosting.com\/blog\/","name":"RoseHosting","description":"Premium Linux Tutorials Since 2001","publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosehosting.com\/blog\/#organization","name":"RoseHosting","url":"https:\/\/www.rosehosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","width":192,"height":192,"caption":"RoseHosting"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RoseHosting","https:\/\/x.com\/rosehosting","https:\/\/www.linkedin.com\/in\/rosehosting\/"]},{"@type":"Person","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713","name":"Jeff Wilson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09271207587f897ab46faaed9b355252?s=96&r=g","caption":"Jeff Wilson"},"description":"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.","sameAs":["https:\/\/www.rosehosting.com","https:\/\/www.facebook.com\/rosehosting.helpdesk"],"url":"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/33655"}],"collection":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/comments?post=33655"}],"version-history":[{"count":9,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/33655\/revisions"}],"predecessor-version":[{"id":43224,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/33655\/revisions\/43224"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media\/34295"}],"wp:attachment":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media?parent=33655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/categories?post=33655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/tags?post=33655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}