1. (Optional) Run with sudo user
1
sudo su -
2. Install needed packages and certbot
1
2
3
4
5
yum install epel-release
yum update
yum -y install certbot-nginx
3. Generate certificate
1
certbot --nginx -d redmine.sanhdoan.xyz
4. Create cronjob to auto renew
1
2
3
4
crontab -e
# Run cronjob auto renew at every 23h59. Do nothing if the certificate is not expire
59 23 * * * /usr/bin/certbot renew --quiet
5. (Optional) Update Diffie-Hellman to make certificate stronger
1
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Paste this line at anywhere in server block (in file /etc/nginx/nginx.conf)
1
ssl_dhparam /etc/ssl/certs/dhparam.pem;