Secure Nginx web server with Let's Encrypt on CentOS 7 - Get a Free SSL Certificate

You're founding this page because of you already know what is Nginx and Let's Encrypt. In this simple tutorial you will learn how to install and configure Nginx and Let's Encrypt on CentOS 7.

If you're using Amazon web services or Google Cloud Platform or any other cloud service first make sure you have allowed HTTP and HTTPS access to the VM.

Update your CentOS 7

sudo yum update

Installing and configuring Nginx

sudo yum install nginx

Next we need to point a domain to the server. Run following command.

sudo vi /etc/nginx/nginx.conf

Find the server_name_; line and replace the _ underscore with your domain name.
(By clicking Insert button on keyboard you can edit the file. Press Esc and type :wq and hit Enter will save your config)

e.g: server_name;

By running below commands make sure your setting is successful.

sudo systemctl start nginx
sudo nginx -t 

Setting Firewall

We also need to allow HTTP (port:80) and HTTPS (port:443) via VM local firewall.

If you're running firewalld, run below commands.

sudo firewall-cmd --add-service=http 
sudo firewall-cmd --add-service=https 
sudo firewall-cmd --runtime-to-permanent

If you're running iptables, run following commands. 

sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT 

If you're not sure what is your firewall, just run firewalld and iptables configuration commands. It will not damage your settings.

Obtaining a Certificate using Nginx plugin

Run below command, with your domain names. It will ask you simple questions. Just answer them.

sudo certbot --nginx -d -d 

Updating Diffie-Hellman Parameters

Now you successfully installed and configured done Nginx web server with Let's Encrypt. But if you're checking SSL via SSL Labs, it will show you a B Grade due to weak Diffie-Hellman parameters. We can fix this by creating a new dhparam.pem file and adding it to our server block.

Run following command.

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 

This will take a long time to generate.

After complete go edit again nginx.conf file.

sudo vi /etc/nginx/nginx.conf 

find the below line and comment is using # hash or remove line.

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

Add below line after it. and save exit.

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Make sure your setting is successful.

sudo nginx -t 

If you have no errors, reload Nginx:

sudo systemctl reload nginx 

Setting Up Auto Renewal

Let's Encrypt certificates only valid for ninety(90) days. So when it will near to expire soon, you will get an email notification. Running following command you can renew certificate yourself.

certbot renew 

But it is easy when we use crone jobs. 

Run following command:

sudo crontab -e 

Add following line and save it.

0 0 1 * * /usr/bin/certbot renew --quiet

It will renew your certificate every month. If you need change to custom time period please find the Configuring Cron Tasks on CentOS docs.

You're all done. If anything wrong please let me know. 


How to install Laravel 5 on Windows with Xampp

When you normally install Laravel Framework in a updated system (Chrome and Firefox, privacy error) you'll get a privacy error in web browser. Following steps will save your time.

First you need to download and install Xampp and Composer.

Install Laravel Framework 

Open command prompt and run below command. It will download and install Laravel Framework for you, in C:\Users\USER_NAME directory. 

composer create-project laravel/laravel laravel "5.7.*"

Config Xampp for Virtual Host

Open httpd-vhosts.conf file via your favorite notepad. In default it locates at C:\xampp\apache\conf\extra directory. Add following lines at the end of the file.

# VirtualHost for LARAVEL.TEST

   <VirtualHost laravel.test:80>   
    DocumentRoot "C:\Users\USER_NAME\laravel\public"   
    ServerAdmin laravel.test   
    <Directory "C:\Users\USER_NAME\laravel">         
      Options Indexes FollowSymLinks         
      AllowOverride All         
      Require all granted   

Then open and edit hosdmin privileges(run notepad as admin) which located on C:\Windows\System32\drivers\etc directory. add following line and save it. laravel.test

Now you have successfully installed and configured done for Laravel Framework. Navigate to laravel.test  via your favorite web browser.

Setup your own VPN Server

This video will guide you to how to setup your own VPN server on Google Cloud Platform.

 This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible.


Run the script and follow the assistant:

wget && sudo bash

Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.

Download OpenVPN client: