Add SSL Cert to Nginx

aakhtar3 ・ 3 min read

This tutorial goes over how to add a Namecheap SSL certificate to your nginx web server.

Prerequisites

Purchased Namecheap Domain name + SSL

Server is remotely accessible with the proper software installed

Create SSL Certificate

Path

The path to the certs will need to be referenced later in the nginx config.

This example will be using /root as the path.

# Key
/root/example.com.key

# CSR
/root/example.com.key.com.csr

# SSL Bundle
/root/example.com.key_com.crt
/root/intermediate.crt

# SSL Cert
/root/example.com.key.com.chained.crt

Generate CSR

A certificate signing request (CSR) generated by openssl will be used to initialize the process.

  • -newkey rsa:2048
    • Generates a new private key and certificate request
    • Using rsa:2048
  • -nodes
    • Does not encrypt private key
  • -keyout /$PATH/example.com.key
  • -out /$PATH/example.com.key.com.csr

openssl req \
    -newkey rsa:2048 \
    -nodes \
    -keyout example.com.key \
    -out example.com.key.com.csr

Submit to Namecheap

Use cat to output the contents of the CSR.

Copy the content and paste it to the Namecheap SSL Vendor CSR step.

cat example.com.key.com.csr

Download SSL Bundle

The SSL vendor will email you an SSL bundle, which will be used to create your SSL cert.

intermediate.crt

Copy the content from example.com.ca-bundle and paste it into a file on your server called intermediate.crt using nano.

nano intermediate.crt

key_com.crt

Copy the content from example.com.crt and paste it into a file on your server called example.com.key_com.crt.

nano example.com.key_com.crt

chained.crt

Combine the content from both certs into one file by using cat and the > redirect operator. The server certificate goes first, followed by the intermediate.

cat example.com.key_com.crt intermediate.crt > example.com.key.com.chained.crt

Nginx Default Config

Run cat /etc/nginx/sites-enabled/default to see the config that will be edited.

Redirect HTTP:80 -> HTTPS:443

server {
    listen 80;
    server_name 192.168.0.1 example.com;
    rewrite ^/(.*) https://example.com/$1 permanent;
}

Listen HTTPS:443

server {
    listen 443 ssl;
    server_name 192.168.0.1 example.com;

    ssl_certificate /root/example.com.key.com.chained.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;

    root /var/www;
    index index.html;

    location / {}
}
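
The two server blocks with current TLS settings, as an added example that is not part of the original post. It keeps the page's file paths and drops TLSv1 and TLSv1.1, which RFC 8996 deprecates; the protocol list, cipher list and the use of return for the redirect are assumptions of this example.

```nginx
# Added example, not the original author's config. File paths are the ones
# from the Path section; the TLS settings are this example's assumptions.

# Redirect HTTP:80 -> HTTPS:443
server {
    listen 80;
    server_name 192.168.0.1 example.com;

    # $request_uri carries the original path and query string; no regex needed.
    return 301 https://example.com$request_uri;
}

# Listen HTTPS:443
server {
    listen 443 ssl;
    server_name 192.168.0.1 example.com;

    # Server certificate first, then the intermediate (the file built with cat).
    ssl_certificate     /root/example.com.key.com.chained.crt;
    # The key was generated with -nodes, so it is unencrypted on disk:
    # keep it readable by root only.
    ssl_certificate_key /root/example.com.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx 1.13.0+ running with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2 suites limited to ECDHE key exchange with AEAD ciphers.
    # TLS 1.3 suites are not controlled by this directive.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers on;

    root /var/www;
    index index.html;

    location / {}
}
```

Run nginx -t after editing; it fails if the certificate file is missing or the key does not match the certificate.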

Restart Nginx

Verify your changes

nginx -t

Restart Server

service nginx restart
