Setting Up Nginx + Spring Boot with FreeSSL.cn on CentOS for Automatic 3‑Month HTTPS Renewal

This guide walks through installing Nginx and Java on CentOS, deploying a Spring Boot JAR, obtaining a free FreeSSL.cn certificate with acme.sh, configuring Nginx for HTTP‑to‑HTTPS redirection and SSL, and enabling automatic three‑month renewal via the built‑in cron job.

LuTiao Programming
LuTiao Programming
LuTiao Programming
Setting Up Nginx + Spring Boot with FreeSSL.cn on CentOS for Automatic 3‑Month HTTPS Renewal

In a CentOS environment, you can combine Nginx and Spring Boot with a free FreeSSL.cn HTTPS certificate that automatically renews every three months by following these steps.

1. Install Nginx

sudo yum install nginx

2. Install Java (if not present)

sudo yum install java

3. Deploy the Spring Boot application

Package your Spring Boot project as a JAR and run it:

java -jar your-spring-boot-app.jar

4. Install acme.sh

curl https://get.acme.sh | sh -s [email protected]

5. Configure Nginx to redirect port 80 to HTTPS

Edit /etc/nginx/nginx.conf and add:

server {
        listen 80;
        server_name ai-ziyuan.techwisdom.cn;
        location / {
            return 301 https://$host$request_uri;
        }
    }

Now requests to http://ai-ziyuan.techwisdom.cn are automatically redirected to https://ai-ziyuan.techwisdom.cn.

6. Obtain the SSL certificate

acme.sh --issue -d *.techwisdom.cn --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/xxxxxx

Follow the prompts to complete the issuance.

7. Configure the certificate in Nginx

Add the SSL settings to the http block of /etc/nginx/nginx.conf:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events { worker_connections 1024; }

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    client_max_body_size 100M;

    server {
        listen     443 ssl;
        server_name  ai-ziyuan.techwisdom.cn;
        access_log  /var/log/nginx/ai-ziyuan.techwisdom.cn.access.log;
        error_log  /var/log/nginx/ai-ziyuan.techwisdom.cn.error.log;

        ssl_certificate      /home/server/ssl/*.techwisdom.cn_ecc/*.techwisdom.cn.cer;
        ssl_certificate_key  /home/server/ssl/*.techwisdom.cn_ecc/*.techwisdom.cn.key;
        ssl_session_cache    shared:SSL:30m;
        ssl_session_timeout  60m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
            proxy_read_timeout      300;
            proxy_connect_timeout   300;
            proxy_redirect          off;
            proxy_set_header    Host                $http_host;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-Ssl     on;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;
            proxy_pass http://localhost:8000;
        }
    }
}

8. Enable automatic certificate renewal

acme.sh creates a cron job that automatically renews the certificate; no manual action is required.

9. Restart Nginx

sudo systemctl restart nginx

After restarting, Nginx serves the Spring Boot application over SSL using the free FreeSSL.cn certificate, and the certificate will renew automatically after three months. Regularly check Nginx and acme.sh logs to ensure everything operates correctly.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

linuxSpring BootNginxServer ConfigurationHTTPSCentOSFreeSSLSSL Automation
LuTiao Programming
Written by

LuTiao Programming

LuTiao Programming is a friendly community offering free programming lessons. We inspire learners to explore new ideas and technologies and quickly acquire job-ready skills.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.