Configure Let's Encrypt SSL on CentOS 7

Install Certbot package.

yum install -y certbot

Generate an SSL certificate using DNS verification.

sudo certbot certonly \
--manual \
--agree-tos \
--preferred-challenges=dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--email [email protected] \
--domains jenkins.example.com

The generated certificate and private key will be available under /etc/letsencrypt/live/jenkins.example.com:

/etc/letsencrypt/live/jenkins.example.com/fullchain.pem
/etc/letsencrypt/live/jenkins.example.com/privkey.pem

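Create the /etc/systemd/system/certbot.service systemd service. A certificate issued with --manual is renewed unattended only if certbot also has an authentication hook (--manual-auth-hook) or a DNS plugin to publish the challenge record; without one, certbot renew cannot complete the DNS challenge for it.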

[Unit]
Description=Renew Let's Encrypt certificates
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --renew-hook "/bin/systemctl --no-block reload nginx" --quiet --agree-tos

Create the /etc/systemd/system/certbot.timer systemd timer to renew the certificates daily, including a randomized delay so that requests for renewal are spread over the day.

[Unit]
Description=Daily renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=daily
RandomizedDelaySec=1day
Persistent=true

[Install]
WantedBy=timers.target

Start and enable certbot.timer.

systemctl daemon-reload
systemctl start certbot.timer
systemctl enable certbot.timer

Check whether the timer is active with the following command:

systemctl list-timers certbot.timer
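
An active timer does not prove that renewals succeed, so it is worth checking the certificate itself. The script below is an added example, not part of the original page: it uses openssl to warn when a certificate under /etc/letsencrypt/live is close to expiry. The function names, the LIVE_DIR and MIN_DAYS variables and the 20-day threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: detect a certbot renewal that is silently failing.
# Let's Encrypt certificates last 90 days and certbot renews them when
# fewer than 30 days remain, so a certificate with less than MIN_DAYS
# left means the timer-driven renewal has not been succeeding.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # certbot directory used on this page
MIN_DAYS="${MIN_DAYS:-20}"                     # assumed alert threshold

# cert_valid_for CERT DAYS
# returns 0 if CERT is still valid DAYS days from now,
#         1 if it will have expired by then,
#         2 if the file is missing or is not a parsable certificate.
cert_valid_for() {
    cvf_cert=$1
    cvf_days=$2
    [ -r "$cvf_cert" ] || return 2
    openssl x509 -in "$cvf_cert" -noout >/dev/null 2>&1 || return 2
    openssl x509 -in "$cvf_cert" -noout \
        -checkend "$((cvf_days * 86400))" >/dev/null 2>&1
}

# check_domain DOMAIN
# prints one status line and returns non-zero on any problem.
check_domain() {
    cd_cert="$LIVE_DIR/$1/fullchain.pem"
    cd_rc=0
    cert_valid_for "$cd_cert" "$MIN_DAYS" || cd_rc=$?
    case $cd_rc in
        0) echo "OK $1: valid for more than $MIN_DAYS days" ;;
        1) echo "WARN $1: expires within $MIN_DAYS days, renewal is not succeeding"
           return 1 ;;
        *) echo "ERROR $1: cannot read certificate $cd_cert"
           return 2 ;;
    esac
}

# Check every domain named on the command line, e.g. jenkins.example.com.
status=0
for domain in "$@"; do
    check_domain "$domain" || status=1
done
[ "$status" -eq 0 ] || exit 1
```

Run it as root with the domain as its argument, since the files under /etc/letsencrypt/live are readable only by root; a non-zero exit status makes it suitable for a monitoring job.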