Add SSL Cert to Nginx
This tutorial covers how to add a Namecheap SSL certificate to your nginx web server.
Prerequisites
Purchased Namecheap Domain name + SSL
Server is remotely accessible with the required software installed
Create SSL Certificate
Path
The path to the certs will need to be referenced later in the nginx config.
This example will be using /root as the path.
# Key
/root/example.com.key
# CSR
/root/example.com.key.com.csr
# SSL Bundle
/root/example.com.key_com.crt
/root/intermediate.crt
# SSL Cert
/root/example.com.key.com.chained.crt
Generate CSR
A certificate signing request (CSR) generated by openssl starts the process.
- -newkey rsa:2048
  - Generates a new private key and certificate request
  - Uses a 2048-bit RSA key
- -nodes
  - Does not encrypt the private key
- -keyout /$PATH/example.com.key
- -out /$PATH/example.com.key.com.csr
openssl req \
-newkey rsa:2048 \
-nodes \
-keyout example.com.key \
-out example.com.key.com.csr
Submit to Namecheap
Use cat to output the contents of the CSR.
Copy the content and paste it to the Namecheap SSL Vendor CSR step.
cat example.com.key.com.csr
Download SSL Bundle
The SSL vendor will email you an SSL bundle, which will be used to create your SSL cert.
intermediate.crt
Copy the content from example.com.ca-bundle and paste it into a file on your server called intermediate.crt using nano.
nano intermediate.crt
key_com.crt
Copy the content from example.com.crt and paste it into a file on your server called example.com.key_com.crt
nano example.com.key_com.crt
chained.crt
Combine the content from both certs into one file using cat and the > redirect operator. The server certificate must come first, followed by the intermediate.
cat example.com.key_com.crt intermediate.crt > example.com.key.com.chained.crt
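Before pointing nginx at these files, the key and the chained certificate can be checked with the script below. It is an added example, not part of the original tutorial; the function names are hypothetical, and the chain check compares issuer and subject names only.

```shell
#!/bin/sh
# Added example (not from the original tutorial): pre-flight checks for the
# key and chained certificate. Function names are hypothetical.

# The key was written unencrypted (-nodes): group/other must have no access.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# `cat a.crt b.crt` fuses the END/BEGIN markers if a.crt lacks a final newline.
pem_boundaries_ok() {
    ! grep -q -e '-----END CERTIFICATE----------BEGIN' "$1"
}

# Print the Nth certificate block (N starts at 1) of a PEM bundle.
nth_cert() {
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { i++ } i == n { print }' "$1"
}

# The first certificate in the file must carry the private key's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(nth_cert "$2" 1 | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Name-only check: the subject of cert 2 must equal the issuer of cert 1.
# Signatures are not verified here.
chain_in_order() {
    iss=$(nth_cert "$1" 1 |
        openssl x509 -noout -issuer -nameopt RFC2253 2>/dev/null | sed 's/^issuer= *//')
    sub=$(nth_cert "$1" 2 |
        openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^subject= *//')
    [ -n "$iss" ] && [ "$iss" = "$sub" ]
}

# usage: preflight KEY CHAINED_CERT   (returns 0 only if every check passes)
preflight() {
    rc=0
    key_is_private "$1" || { echo "FAIL: $1 is accessible by group/other"; rc=1; }
    pem_boundaries_ok "$2" || { echo "FAIL: fused PEM boundary in $2"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: first cert in $2 does not match $1"; rc=1; }
    chain_in_order "$2" || { echo "FAIL: cert 2 in $2 is not the issuer of cert 1"; rc=1; }
    return $rc
}

# Run the checks only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

With the paths used in this tutorial, the call would be `sh preflight.sh /root/example.com.key /root/example.com.key.com.chained.crt`, where preflight.sh is an assumed file name for the script.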
Nginx Default Config
Run cat /etc/nginx/sites-enabled/default to see the config that will be edited.
Redirect HTTP:80 -> HTTPS:443
- server_name $IP_ADDRESS $DOMAIN_NAME;
- rewrite ^/(.*) https://example.com/$1 permanent;
server {
listen 80;
server_name 192.168.0.1 example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
Listen HTTPS:443
- ssl_certificate /$PATH/example.com.key.com.chained.crt;
- ssl_certificate_key /$PATH/example.com.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  - Supported OpenSSL protocols
  - TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients still require them
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  - openssl ciphers
- ssl_prefer_server_ciphers on;
  - Use server ciphers over client ciphers with SSLv3 and TLS
server {
listen 443 ssl;
server_name 192.168.0.1 example.com;
ssl_certificate /root/example.com.key.com.chained.crt;
ssl_certificate_key /root/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
root /var/www;
index index.html;
location / {}
}
Restart Nginx
Verify your changes
nginx -t
Restart Server
service nginx restart