To install an SSL certificate in Nginx, we will need the following files:
Do you already have them? Let's get started:
Copy the three files to the server. In this manual, we assume that you have uploaded the three files via FTP, but you can do it any other way.
Connect to the server via SSH and access the directory where the certificates are located. If you have uploaded them to the 'web' directory:
cd /var/www/minuevaweb.es/datos/web.
Connect the .crt file with the .ca file, and save it in the Nginx certificates directory:
cat /var/www/minuevaweb.es/data/web/web/certificate.crt /var/www/minuevaweb.es/data/web/certificate.ca >> /etc/nginx/swhosting/ssl/certificates.crt.
Move the .key file to the Nginx certificate directory:
mv /var/www/minuevaweb.es/datos/web/web/certificado.key /etc/nginx/ssl/
Remove the certificate files from the web folder, to make sure they are not public.
rm /var/www/minuevaweb.es/datos/web/web/certificado.crt
rm /var/www/minuevaweb.es/data/web/web/certificate.ca.
Access the certificate directory and change the owner and group of the certificates to root:
cd /etc/nginx/ssl.
chown root:root certificates.crt certificate.key
We have already copied the certificates in the corresponding directory.
Next we proceed to modify the configuration file corresponding to our website:
Access the configuration file directory vhosts:
cd /etc/nginx/sites-enabled/.
Edit the configuration file corresponding to the website where you are installing the SSL certificate. In this example we use the text editor nano, but you can use any other editor:
nano minuevaweb.es.conf.
Make a copy of the first existing block below it, it will be duplicated:
# nginx virtual host for domain 'minuevaweb.com
server {
listen 80;
root "/var/www/minuevaweb.es/datos/web";
index index.html index.php;
server_name minuevaweb.es www.minuevaweb.es;
access_log /var/www/minuevaweb.es/logs/20190307.log;
error_log /var/www/minuevaweb.es/logs/error_20190307.log;
include /etc/nginx/php7.2.conf;
}
(the original file)
server {
listen 80;
root "/var/www/minuevaweb.es/datos/web";
index index.html index.php;
server_name minuevaweb.es www.minuevaweb.es;
access_log /var/www/minuevaweb.es/logs/20190307.log;
error_log /var/www/minuevaweb.es/logs/error_20190307.log;
include /etc/nginx/php7.2.conf;
}
server {
listen 80;
root "/var/www/minuevaweb.es/datos/web";
index index.html index.php;
server_name minuevaweb.es www.minuevaweb.es;
access_log /var/www/minuevaweb.es/logs/20190307.log;
error_log /var/www/minuevaweb.es/logs/error_20190307.log;
include /etc/nginx/php7.2.conf;
}
(the file with the original copy)
server {
listen 443;
...
...
ssl on;
ssl_certificate /etc/nginx/ssl/certificados.crt;
ssl_certificate_key /etc/nginx/ssl/certificado.key;
...
# nginx virtual host for domain 'minuevaweb.es'
server {
listen 80;
root "/var/www/minuevaweb.es/datos/web";
index index.html index.php;
server_name minuevaweb.es www.minuevaweb.es;
access_log /var/www/minuevaweb.es/logs/20190307.log;
error_log /var/www/minuevaweb.es/logs/error_20190307.log;
include /etc/nginx/php7.2.conf;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/certificados.crt;
ssl_certificate_key /etc/nginx/ssl/certificado.key;
root "/var/www/minuevaweb.es/datos/web";
index index.html index.php;
server_name minuevaweb.es www.minuevaweb.es;
access_log /var/www/minuevaweb.es/logs/20190307.log;
error_log /var/www/minuevaweb.es/logs/error_20190307.log;
include /etc/nginx/php7.2.conf;
}
Save the changes you have made. In the nano text editor, you must press the following key combination:
Ctrl + X to save and exit.
Y` key to confirm that you want to overwrite
Enter key
Check that the configuration is correct:
nginx -t
If you get any errors, review the previous steps.
Reload the Nginx configuration to apply the changes:
/etc/init.d/nginx reload.
You are done! Access your site with the https:// prefix to verify that it is working correctly.
