
How to secure Nginx with Let's Encrypt on Rocky Linux 8

Aug 06, 2021 · 2 mins read

Previously we saw How to install Certbot on Rocky Linux 8 for your web server, whether it’s Nginx or Apache. In this tutorial, I’m going to show you how to secure your Nginx web server with a free Let’s Encrypt SSL/TLS certificate. Let’s start.

Prerequisites

Generate Let’s Encrypt SSL/TLS Certificate

Step 1. Before generating a Let’s Encrypt SSL/TLS certificate, make sure that your domain correctly points to your server IP address and that the change has propagated. There is an online DNS tool that you can use to check it.

Step 2. Run the following command to obtain a Let’s Encrypt certificate through Certbot:

sudo certbot --nginx -d domain.com -d www.domain.com
  • certbot: Will run Certbot.
  • --nginx: The Certbot plugin that we want to use.
  • -d: Specifies the names that you’d like the certificate to be valid for.

Step 3. Now, you need to decide how you’d like to configure the HTTPS settings.

Output:

Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select your choice and you should get the following output:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/domain.com/fullchain.pem. Your cert will
   expire on xxxx-xx-xx. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work

Step 4. Reload Nginx.

 sudo systemctl reload nginx

Open your site in a web browser and check for the green lock icon.
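Added example, not part of the original tutorial: a shell check that reads an Nginx configuration and reports, for each server block listening on port 80, whether it redirects to HTTPS (choice 2 in Step 3) or still serves plain HTTP (choice 1). The function name audit_http_redirect and both sample configurations are constructed for illustration, and the parser assumes one directive per line.

```shell
# Added example: label each port-80 server block REDIRECT or PLAINTEXT.
# Assumes one directive per line, no braces or '#' inside quoted strings.
audit_http_redirect() {   # reads nginx configuration on stdin
    awk '
    { sub(/#.*/, "") }                                   # strip comments
    !in_srv && /^[ \t]*server[ \t]*[{]/ {                # a server block opens
        in_srv = 1; base = depth; http = 0; redir = 0; name = "(unnamed)"
    }
    in_srv && $1 == "listen" && $0 !~ /ssl/ && /[ \t:]80[ \t;]/ { http = 1 }
    in_srv && $1 == "server_name" { name = $2; sub(/;$/, "", name) }
    in_srv && /return[ \t]+30[18][ \t]+https:\/\// { redir = 1 }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")     # track brace nesting
        if (in_srv && depth <= base) {                   # server block closed
            if (http) print (redir ? "REDIRECT" : "PLAINTEXT"), name
            in_srv = 0
        }
    }'
}

# Constructed sample: one block serving both HTTP and HTTPS (choice 1, "Easy").
sample_easy() { cat <<'EOF'
server {
    server_name domain.com www.domain.com;
    listen 80;
    listen 443 ssl;
}
EOF
}

# Constructed sample: HTTPS block plus a redirect-only port-80 block (choice 2).
sample_secure() { cat <<'EOF'
server {
    server_name domain.com www.domain.com;
    listen 443 ssl;
}
server {
    if ($host = domain.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name domain.com www.domain.com;
    return 404;
}
EOF
}

echo "choice 1: $(sample_easy | audit_http_redirect)"
echo "choice 2: $(sample_secure | audit_http_redirect)"
```

On a live server the effective configuration can be piped in with `sudo nginx -T | audit_http_redirect`; any PLAINTEXT line names a site that still answers over unencrypted HTTP.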

Conclusion

This tutorial showed you how to secure Nginx with a free Let’s Encrypt SSL/TLS certificate. Feel free to leave a comment below and, if you find this tutorial useful, follow our official channel on Telegram.