How to Install an SSL/TLS Certificate In Nginx (OpenSSL)

The following instructions will guide you through the SSL installation process on Nginx. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Installation Instructions

1. Copy your Certificate Files

Copy the Certificate Files into the proper directory on your server.

Note: For better security, make them readable by root only.

You need to link the two certificates (or “Concatenate” them) into a single file by entering the command below:

cat your_domain_name.crt Intermediate.crt >> bundle.crt

3. Edit your virtual host file

Edit your Nginx virtual host file. Copy the existing server module (the non-secure one) and paste it below the original before adding the following lines in bold:

server {
  listen443;
    ssl on;
    ssl_certificate /etc/ssl/your_domain_name.pem; (or  bundle.crt)
  ssl_certificate_key /etc/ssl/your_domain_name.key;
    server_name your.domain.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
    root  /home/www/public_html/your.domain.com/public/;
    index  index.html;
    }
    }

4. Restart Nginx

Restart Nginx using the command line below:

sudo /etc/init.d/nginx restart

Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.

To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance.

Was this article helpful?

Related Articles