(Replace example.com, /PATH/TO/CONTENT, APPNAME and USERNAME with yours.)
$ sudo tee /etc/yum.repos.d/nginx.repo << 'EOF' > /dev/null
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
EOF
$ sudo yum install nginx --enablerepo=nginx
$ sudo firewall-cmd --add-service=http --zone=public --permanent
$ sudo firewall-cmd --add-service=https --zone=public --permanent
$ sudo firewall-cmd --reload
$ sudo systemctl stop nginx
$ cd /opt
$ sudo git clone https://github.com/certbot/certbot
$ cd certbot
$ sudo ./certbot-auto certonly --standalone -d example.com
$ sudo yum install https://centos7.iuscommunity.org/ius-release.rpm
$ sudo sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/ius.repo
$ sudo yum install python36u python36u-devel python36u-pip --enablerepo=ius
$ sudo pip3.6 install uwsgi
Successfully installed uwsgi-2.0.15
$ sudo mkdir -p /etc/uwsgi/vassals
$ sudo nano /etc/uwsgi/vassals/APPNAME_uwsgi.ini
...
$ sudo nano /etc/systemd/system/uwsgi.service
...
$ sudo chown -R nginx:nginx /var/log/uwsgi
$ sudo mkdir -p /var/app/APPNAME
$ sudo chown -R USERNAME:USERNAME /var/app/APPNAME
$ cd /var/app/APPNAME
$ sudo python3.6 -m venv ve
$ source ve/bin/activate
(ve) $ pip install flask
(ve) $ deactivate
$ nano main.py
...
$ sudo chown -R nginx:nginx /var/app/APPNAME
$ sudo mv /etc/nginx/conf.d/default.conf default.conf.original
$ sudo nano /etc/nginx/conf.d/example.com.conf
...
$ sudo nano /etc/logrotate.d/uwsgi
...
$ sudo systemctl restart nginx
$ sudo systemctl start uwsgi
$ sudo systemctl enable uwsgi
Access https://example.com/app/
$ sudo mkdir -p /var/www/letsencrypt
$ sudo /opt/certbot/certbot-auto certonly --webroot -w /var/www/letsencrypt -d example.com --agree-tos --force-renewal -n
$ sudo tee /etc/cron.daily/certbot << 'EOF' > /dev/null
#!/bin/sh
/opt/certbot/certbot-auto renew -q --no-self-upgrade --post-hook "systemctl restart nginx"
EOF
$ sudo chmod 755 /etc/cron.daily/certbot