Introduction
Installing an SSL Certificate on NGINX ensures a safe connection between your web server and browser. It encrypts the data transmitted over the internet so that it is only visible to the intended recipient.
If you have several NGINX servers, you need to buy and install SSL certificates on each server to activate the HTTPS protocol. To learn more about SSL certificates and how they work, check out our in-depth guide on SSL certificate types.
This article will show you how to install an SSL certificate on NGINX with simple, step-by-step instructions.
Prerequisites
- A server certificate issued by a Certificate Authority for your domain
- Intermediate certificates
- Your private key
- NGINX installed on your system
- A user account with sudo privileges
Install SSL Certificate NGINX Server Steps
This guide assumes you have already generated a certificate signing request and received your SSL certificate issued by a Certificate Authority (CA). If you are yet to obtain a certificate, follow our guide on generating a certificate signing request (CSR) and submitting it to a CA.
Step 1: Combine All Certificates into a Single File
You should have received your SSL certificate via email in the form of a .zip file. Once you download and extract the file, you will see it consists of a server certificate, a root certificate, and an intermediate certificate.
The first step is to combine all three files into one.
You can do this manually, by copying and pasting the content of each file in a text editor and saving the new file under the name ssl-bundle.crt.
You can also do this via command-line. The command to merge the certificates into one file will depend on whether you have separate intermediate files or if these files are inside a single .ca-bundle file.
a) If all three certificates are listed separately, use the command:
cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt
b) If the intermediate certificates are in one bundle, run:
cat your_domain.crt your_domain.ca-bundle >> ssl-bundle.crt
Note: Make sure you save the ssl-bundle.crt
file in the etc/ssl
directory.
Step 2: Edit NGINX Configuration File
Next, configure the NGINX server block (AKA virtual host file) for your server.
If you don’t know the location of the file, run the command:
sudo find nginx.conf
Open the file to make the necessary modifications.
The easiest way to set up the configuration is to copy the original server module, paste it below, and edit the content.
- Start by specifying the server should listen to port 443:
listen 443;
- Make sure the server block includes the line:
ssl on;
- Define the path of the SSL certificate:
ssl_certificate
/etc/ssl/ssl-bundle.crt;
- Specify the directory where the SSL Certificate Key is located:
/path/to/your_private.key;
The configuration file should look similar to the one below:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain.com;
}
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/;
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}
Save and exit the file. Step 3: Restart NGINX Server
For your configuration changes to take place, you need to restart your NGINX server. To do so, run the command:
sudo systemctl restart nginx
Step 4: Verify SSL Certificate
The best way to check you have successfully installed the SSL certificate on NGINX is to connect to your server via browser.
Open a browser of your choice and navigate to your domain using the https protocol:
https://your.domain.com
You should see a locked padlock verifying that the SSL certificate is now set up on your server. as in the image below:
Conclusion
If you have followed the outlined steps above, you should have installed an SSL Certificate on you NGINX server. Make sure to install separate certificates on each machine if you have more than one NGINX server.
Let’s Encrypt is a free certificate authority that allows you to set up protection on your NGINX server. Check out our article on how to set up Let’s Encrypt to secure your Nginx server.