How to Install SSL Certificate on NGINX?
Installing an SSL certificate on your NGINX web server is a great way to secure your website & improve the trustworthiness of your online presence. This guide will provide step-by-step instructions on installing an SSL certificate on your NGINX web server.
The Prerequisites for Installing SSL Certificate on NGINX
- NGINX is installed on your system.
- Server certificate issued by a Certificate Authority
- A user account with sudo privileges
- Intermediate certificates
- Generated CSR for NGINX
- Your private key
Before Installation, you need to follow the CSR Generation process in Nginx
SSL Certificate Installation Steps on NGINX
Step 1: Combine All Certificates into a Single File
The Certificate Authority will provide you the SSL through a Zip folder containing a primary certificate and root & intermediate certificate. You have to merge all three files into a single document.
To do this manually
- Ppen a text editor.
- Rename it to ssl-bundle.crt.
- Copy/paste the encrypted content of each file.
You can make this process a little easy using the command-line:
Run this command if the intermediate certificates are in a single bundle.
cat your_domain.crt your_domain.ca-bundle >> ssl-bundle.crt
Run this command if all three certificates are listed separately.
cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt
Step 2: Edit NGINX Configuration File
Now, it’s time to set up the virtual host file on your machine, it is the NGINX server block that sets up the configuration of your domain.
Open the virtual host file with a text editor; if you don’t know the location it run ‘sudo find nginx.conf‘ command and make the following changes to configure your virtual host file.
- listen 443; to specify that the NGINX should listen to port 443
- ssl on;
- ssl_certificate /etc/ssl/ssl-bundle.crt; to define the path of the SSL certificate.
- /path/to/your_private.key; to specify the directory where the SSL Certificate Key is located.
The Virtual Host file will look like this.
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain.com;
}
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location /
{
root /var/www/;
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}
Save and exit the file and restart NGINX Server. Simply run the command:
sudo systemctl restart nginx
Step 3: Verify SSL Certificate Installation
The Final step is to verify the SSL Installation, open a web browser and enter your domain name in the address bar. If you see a padlock and HTTPS in the URL bar, it indicates the SSL is installed perfectly.
Or use our Free SSL Checker tool to ensure the SSL is installed correctly!
Troubleshooting Tips
If you have trouble with your SSL Certificate installation, please check the following points:
- Make sure all certificates are in the correct order.
- Make sure that the private key matches up with the server certificate.
- Check if there is a problem with an intermediate certificate.
- Verify that all files have been uploaded correctly to the server and that you are accessing them from the correct directory.
- If possible, try reinstalling or replacing your SSL Certificate.