Add SSL/HTTPS on a site powered by Linux

July 12, 2020

Add SSL/HTTPS on a site powered by NGIX

This guide gives an overview on how to secure your NGINX powered website with SSL/HTTPS. This was used to secure a WordPress site with Certbot Let’s Encrypt client in CentOS.


By default, Certbot is not available in the CentOS 8 (Linux distribution used for this guide) default repository. So you will need to download it from the Certbot official website. If Certbot is already installed in your Linux distro then please skip this step.

You can download and install Certbot with the following commands:

wget mv certbot-auto /usr/local/bin/certbot-auto chown root /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto

Now, run the following command to obtain and install an SSL certificate for your WordPress website.

certbot-auto --nginx -d

add for all subdomains. Remove the _ for just one domain:

/usr/local/bin/certbot-auto --server -d * --manual --preferred-challenges dns-01 certonly

You will be asked to provide an email address and agree to the terms of service. You will also need to choose whether or not you want to redirect HTTP traffic to HTTPS. Please select the appropriate option and hit the ENTER. Once the installation is successfully finished, you will get the following message:

IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/ Your key file has been saved at: /etc/letsencrypt/live/ Your cert will expire on 2019-08-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew _all_ of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: Donating to EFF:

Auto Renew HTTPS SSL

  • Install Python3 First of all check if your server has Python3 installed with the following line of code:
python3 --version

if it’s installed proceed to the next step. if it isn’t install it with the following command:

sudo dnf install python3
  • Automate the renewal

type crontab -e on your terminal

then, add to the file the following line of code:

0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew

This will run an automated task on your server that will check daily if your certificate is expired and if it is it will be automatically renewed.

  • What can happen

When auto renewal caused by crontab it may fail. In which case we need to manually renew the certificates and debug the reason for such failure. Eventually you can modify the crontab to reflect the command that worked for you.

Personal blog of Joseph, co-founder of With a focus on node and javascript development, blockchain and photography.