Setup SSL/ HTTPS on NGINX on CentOS 8/ AlmaLinux 8/ RockyLinux 8

Installing SSL can usually be a very tedious process. Luckily for us, Certbot has an automated script to easily help us to get SSL/ HTTPS set up with a few command lines.

To start, install Certbot

sudo dnf install

sudo dnf install certbot python3-certbot-nginx

Once Certbot is installed, automatically generate an SSL certificate by running this command. You will be prompted with several inputs to fill in.

certbot –nginx

[root@nginx ~]# certbot –nginx

[root@nginx ~]# certbot –nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Enter email address (used for urgent renewal and security notices)

(Enter ‘c’ to cancel):

Please read the Terms of Service at

. You must

agree in order to register with the ACME server. Do you agree?

(Y)es/(N)o: Y

Would you be willing, once your first certificate is successfully issued, to

share your email address with the Electronic Frontier Foundation, a founding

partner of the Let’s Encrypt project and the non-profit organization that

develops Certbot? We’d like to send you email about our work encrypting the web,

EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: Y

Account registered.

Please enter the domain name(s) you would like on your certificate (comma and/or

space separated) (Enter ‘c’ to cancel): yourdomain.com

Requesting a certificate for yourdomain.com

Successfully received certificate.

Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem

Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem

This certificate expires on 2022-04-02.

These files will be updated when the certificate renews.

Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate

Successfully deployed certificate for yourdomain.com to /etc/nginx/conf.d/nginx.conf

Congratulations! You have successfully enabled HTTPS on yourdomain.evoxt.com

We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting .

If you like Certbot, please consider supporting our work by:

• Donating to ISRG / Let’s Encrypt:

• Donating to EFF:

[root@nginx ~]#

With these set up, your domain’s SSL setup should be complete.

Note: Your browser might still cache the old self-signed certificate, or the certificate will not update, hence still showing insecure SSL. To fix this, try clearing your browser’s cache or try accessing your website with a different browser.

To check SSL status, try using this from Geocerts.