Skip to main content

Configure Let's Encrypt SSL on CentOS 7

Install Certbot package.

yum install -y certbot

Generate a SSL certificate using DNS verification.

sudo certbot certonly \
--manual \
--agree-tos \
--preferred-challenges=dns \
--server \
--email [email protected] \

Generated certificated will be available under /etc/letsencrypt/live/


Create /etc/systemd/system/certbot.service SystemD Service.

Description=Renew Let's Encrypt certificates

ExecStart=/usr/bin/certbot renew --renew-hook "/bin/systemctl --no-block reload nginx" --quiet --agree-tos

Create /etc/systemd/system/certbot.timer SystemD Timer to renew the certificates daily, including a randomized delay so that requests for renewal are spread over the day.

Description=Daily renewal of Let's Encrypt's certificates



Start and enable certbot.timer

systemctl daemon-reload
systemctl start certbot.timer
systemctl enable certbot.timer

Check whether time is active with the following command

systemctl list-timers certbot.timer