Skip to content

NGINX OpenSSL Installation

  • The following instructions will guide you through the SSL installation process on Nginx.
  • If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. 
  1. Make sure you have all the following files saved before proceeding:
    • Your Server Certificate - This is the certificate you received from the Sectigo for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard.
    • Intermediate Certificates - These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. 
    • Your Private Key - This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.
  2. Copy the Certificate Files into a directory on your server. Mostly, the certificate files resides under /etc/ssl/certs directory.
    Note: For better security, make them readable by root only.
  3. You need to link the two certificates (or "Concatenate" them) into a single file by entering the command below:

    cat your_domain_name.crt Intermediate.ca_bundle >> ssl-bundle.crt
  4. Edit your Nginx virtual host file. You may find a server block which is listening to 443. You have to assign the certificate and private key to the appropriate directives.
    server {
        listen              443 ssl;
        server_name         yourdomain_name.com;
    
        ssl_certificate     /etc/ssl/certs/ssl-bundle.crt;
        ssl_certificate_key /etc/ssl/certs/private.key;
    
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        #...
    }
    
  5. Restart Nginx using the command line below:

    sudo /etc/init.d/nginx restart      OR    systemctl stop nginx
                                                                       systemctl start nginx

Congratulations! You've successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.