Check Python v2.7.x $ python --version Check open 443 port $ sudo cat /etc/sysconfig/iptables Get certbot from Github $ git clone https://github.com/certbot/certbot Change directory to certbot $ cd certbot Get Cert $ ./certbot-auto certonly --standalone --email EMAIL_ADDRESS_HERE -d DOMAIN_HERE Check auto-gen (cert) files again $ sudo ls /etc/letsencrypt/live/DOMAIN_HERE Backup cert files $ sudo cp -r /etc/letsencrypt/live/DOMAIN_HERE ../sslcert Add SSL server $ sudo vi /etc/nginx/conf.d/default.conf ... #http => https server { listen 80; server_name localhost; return 301 https://$host$request_uri; } #https server server { listen 443 ssl; server_name localhost; #use fullchain.pem instead of cert.pem ssl_certificate /etc/letsencrypt/live/DOMAIN_HERE/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/DOMAIN_HERE/privkey.pem; ... } ... Restart nginx server $ sudo systemctl reload nginx Auto renew $ sudo crontab -e 00 04 14 * * ~/certbot/certbot-auto renew --post-hook "systemctl restart nginx" 1 > /dev/null 2 > /dev/null