How to use Encrypt SSL for Nginx
1.First, install the EPEL (Extra Packages for Enterprise Linux) repository:
$ sudo yum install epel-release
2.need git in order to download the Let’s Encrypt client. To install git, run:
$ sudo yum install git
3.Download the Let’s Encrypt Client
$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
4.Set Up the SSL Certificate
$ cd /opt/letsencrypt
$ ./certbot-auto certonly --standalone -d example.com -d www.example.com
example.com is your domain name!!!! /etc/letsencrypt/live/ will save the pem.
5.Generate Strong Diffie-Hellman Group
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
This may take a few minutes but when it's done you will have a strong DH group at /etc/ssl/certs/dhparam.pem.
6.Configure TLS/SSL on Web Server (enter Nginx nginx.conf) add,
listen 443;
ssl on;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
7.setup auto renew
crontab -e
29 2 * * 1 /etc/init.d/nginx stop
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
31 2 * * 1 /etc/init.d/nginx start