How to install SSL certificate in Nginx

Before starting the tutorial, don't you have a Cloud Linux server where you can install your nginx web server? Don't worry! With just one click, you can easily deploy it with SW Hosting.

cta:cloud_so

To install an SSL certificate in Nginx, we will need the following files:

  • Certificate (.crt)
  • Private key (.key)
  • Certificate Authority (.ca)

Do you already have them? Let's get started:

  1. Copy the three files to the server. In this manual, we assume that you have uploaded the three files via FTP, but you can do it any other way.

  2. Connect to the server via SSH and access the directory where the certificates are located. If you have uploaded them to the 'web' directory: cd /var/www/minuevaweb.es/datos/web.

  3. Connect the .crt file with the .ca file, and save it in the Nginx certificates directory: cat /var/www/minuevaweb.es/data/web/web/certificate.crt /var/www/minuevaweb.es/data/web/certificate.ca >> /etc/nginx/swhosting/ssl/certificates.crt.

  4. Move the .key file to the Nginx certificate directory: mv /var/www/minuevaweb.es/datos/web/web/certificado.key /etc/nginx/ssl/

  5. Remove the certificate files from the web folder, to make sure they are not public. rm /var/www/minuevaweb.es/datos/web/web/certificado.crt rm /var/www/minuevaweb.es/data/web/web/certificate.ca.

  6. Access the certificate directory and change the owner and group of the certificates to root: cd /etc/nginx/ssl. chown root:root certificates.crt certificate.key

We have already copied the certificates in the corresponding directory.

Next we proceed to modify the configuration file corresponding to our website:

  • Access the configuration file directory vhosts: cd /etc/nginx/sites-enabled/.

  • Edit the configuration file corresponding to the website where you are installing the SSL certificate. In this example we use the text editor nano, but you can use any other editor: nano minuevaweb.es.conf.

  • Make a copy of the first existing block below it, it will be duplicated:

# nginx virtual host for domain 'minuevaweb.com
server {
        listen 80;
        root "/var/www/minuevaweb.es/datos/web";
        index index.html index.php;
        server_name minuevaweb.es www.minuevaweb.es;
        access_log /var/www/minuevaweb.es/logs/20190307.log;
        error_log /var/www/minuevaweb.es/logs/error_20190307.log;
        include /etc/nginx/php7.2.conf;
}

(the original file)

server {
        listen 80;
        root "/var/www/minuevaweb.es/datos/web";
        index index.html index.php;
        server_name minuevaweb.es www.minuevaweb.es;
        access_log /var/www/minuevaweb.es/logs/20190307.log;
        error_log /var/www/minuevaweb.es/logs/error_20190307.log;
        include /etc/nginx/php7.2.conf;
}
server {
        listen 80;
        root "/var/www/minuevaweb.es/datos/web";
        index index.html index.php;
        server_name minuevaweb.es www.minuevaweb.es;
        access_log /var/www/minuevaweb.es/logs/20190307.log;
        error_log /var/www/minuevaweb.es/logs/error_20190307.log;
        include /etc/nginx/php7.2.conf;
}

(the file with the original copy)

  • In the second block, we modify the port from 80 to 443:
server {
        listen 443;
        ...
  • In the second block, after the port (parameter listen), we add the following lines with the paths corresponding to our certificates:
        ...
        ssl on;
        ssl_certificate /etc/nginx/ssl/certificados.crt;
        ssl_certificate_key /etc/nginx/ssl/certificado.key;
        ...
  • It will be as follows:
# nginx virtual host for domain 'minuevaweb.es'
server {
        listen 80;
        root "/var/www/minuevaweb.es/datos/web";
        index index.html index.php;
        server_name minuevaweb.es www.minuevaweb.es;
        access_log /var/www/minuevaweb.es/logs/20190307.log;
        error_log /var/www/minuevaweb.es/logs/error_20190307.log;
        include /etc/nginx/php7.2.conf;
}
server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/certificados.crt;
        ssl_certificate_key /etc/nginx/ssl/certificado.key;
        root "/var/www/minuevaweb.es/datos/web";
        index index.html index.php;
        server_name minuevaweb.es www.minuevaweb.es;
        access_log /var/www/minuevaweb.es/logs/20190307.log;
        error_log /var/www/minuevaweb.es/logs/error_20190307.log;
        include /etc/nginx/php7.2.conf;
}
  • Save the changes you have made. In the nano text editor, you must press the following key combination: Ctrl + X to save and exit. Y` key to confirm that you want to overwrite Enter key

  • Check that the configuration is correct: nginx -t If you get any errors, review the previous steps.

  • Reload the Nginx configuration to apply the changes: /etc/init.d/nginx reload.

You are done! Access your site with the https:// prefix to verify that it is working correctly.

Remember that if you do not yet have a Cloud server with a Linux operating system, you can easily deploy it with SW Hosting.

cta:cloud_so


2024 SW Hosting. All rights reserved. The prices shown on the website do not include any applicable taxes.