Setting up a Signed SSL Certificate on Nginx
Photo by Jason Blackeye on Unsplash
How to add an SSL to a website running on nginx
I recently needed to update the SSL certificate on EnvelopeBudget.com. Below are the notes I took in the process for when I need to do it again in 5 years.
Step 1
Purchase an SSL certificate. I bought a cheap one from namecheap.com.
Step 2
Create CSR (certificate signing request)
1openssl req -newkey rsa:2048 -nodes -keyout envelopebudget.com.key -out envelopebudget.com.csr
Then print it out and copy it to your clipboard.
1cat envelopebudget.csr
Paste CSR into the namecheap admin area
Wait for approval email... submit approval.
SSL cert will be emailed to you in zip file envelopebudget_com.zip
Step 3
Upload the zip file to your server using scp.
1scp envelopebudget_com.zip envelope@envelopebudget.com:~
Unzip the file on your server.
1unzip envelopebudget_com.zip
Concatenate the primary certificates.
1cat envelopebudget_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt
Move all certs to /etc/ssl/localcerts.
1sudo mkdir /etc/ssl/localcerts2sudo mv *.crt *.key *.csr *.zip /etc/ssl/localcerts
Make sure the following is in nginx. (See Setting up a Django Server with PostgreSQL, Nginx, Celery & RabbitMQ)
1ssl on;2ssl_certificate /etc/ssl/localcerts/ssl-bundle.crt;3ssl_certificate_key /etc/ssl/localcerts/envelopebudget.com.key;4ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
Restart nginx.