In this article you will learn how to install an SSL certificate on an NGINX web server and set up an HTTPS redirect.
Before You Start
Please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions for how to download your certificate (.zip), you can click here.
After downloading your certificate, you should have a ZIP containing the following certificate files:
- certificate.crt
- ca_bundle.crt
- private.key
-
Upload Certificate Files
First and foremost, you will need to upload the certificate files above (certificate.crt, ca_bundle.crt and private.key) to your NGINX server in a directory of your choice.
-
Merge .crt Files
NGINX requires all .crt files to be merged in order to allow SSL installation. You will need to run the following command in order to merge your certificate.crt and ca_bundle.crt files.
$ cat certificate.crt ca_bundle.crt >> certificate.crt
-
Edit Virtual Hosts File
Next, you will need to find your NGINX virtual hosts file and add some code to point it to your new SSL certificate. As soon as you have opened your virtual hosts file, create a copy of the existing non-secure server module and paste it below the original.
Please note
If you need your site to be accessible through both HTTPS (secure) and HTTP (non-secure), you will need a separate server module for each connection type.
Add the lines in bold to your virtual hosts file:
server { listen 443 ssl; ssl on; ssl_certificate /etc/ssl/certificate.crt; ssl_certificate_key /etc/ssl/private.key; server_name your.domain.com; access_log /var/log/nginx/nginx.vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; location / { root /home/www/public_html/your.domain.com/public/; index index.html; } }
-
Restart the Server
Finally, you will need to restart your NGINX server in order for your changes to come into effect. You can run the command below to restart your NGINX server:
sudo /etc/init.d/nginx restart
-
Check Installation
You have completed all required steps to install your SSL certificate. To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL "Check Installation" tool or try accessing your domain using HTTPS, e.g. https://domain.com.
Congratulations
Your site has now been secured using your new SSL certificate!
💡 Do you have Feedback to the installation of your SSL certificate?