Installing SSL Certificate on NGINX

In this article you will learn how to install an SSL certificate on an NGINX web server and set up an HTTPS redirect.

Before You Start

Please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions for how to download your certificate (.zip), you can click here.

After downloading your certificate, you should have a ZIP containing the following certificate files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

  • Upload Certificate Files

    First and foremost, you will need to upload the certificate files above (certificate.crt, ca_bundle.crt and private.key) to your NGINX server in a directory of your choice.

  • Merge .crt Files

    NGINX requires all .crt files to be merged in order to allow SSL installation. You will need to run the following command in order to merge your certificate.crt and ca_bundle.crt files.

    $ cat certificate.crt ca_bundle.crt >> certificate.crt
  • Edit Virtual Hosts File

    Next, you will need to find your NGINX virtual hosts file and add some code to point it to your new SSL certificate. As soon as you have opened your virtual hosts file, create a copy of the existing non-secure server module and paste it below the original.

    Please note

    If you need your site to be accessible through both HTTPS (secure) and HTTP (non-secure), you will need a separate server module for each connection type.

    Add the lines in bold to your virtual hosts file:

    server {
    
        listen               443 ssl;
        
        
        ssl                  on;
        ssl_certificate      /etc/ssl/certificate.crt; 
        ssl_certificate_key  /etc/ssl/private.key;
        
        
        server_name  your.domain.com;
        access_log   /var/log/nginx/nginx.vhost.access.log;
        error_log    /var/log/nginx/nginx.vhost.error.log;
        location     / {
        root         /home/www/public_html/your.domain.com/public/;
        index        index.html;
        }
    
    }
    
  • Restart the Server

    Finally, you will need to restart your NGINX server in order for your changes to come into effect. You can run the command below to restart your NGINX server:

    sudo /etc/init.d/nginx restart
  • Check Installation

    You have completed all required steps to install your SSL certificate. To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL "Check Installation" tool or try accessing your domain using HTTPS, e.g. https://domain.com.


  Congratulations

Your site has now been secured using your new SSL certificate!

Was this article helpful?
0 out of 2 found this helpful