Hexa's Blog

How to install ssl certificate for nginx with SSLs.com?

28/06/2022 @ Saigon SSL

In this post, I would like to introduce a way to quickly setup SSL certificate for any website with https://www.ssls.com/

Step 1: Generate private key and certificate signing request (csr).

To generate private key and certificate signing request, use the following command with a note of these parameters.

  • -keyout: private key, for example: your_domain.pem
  • -out: certificate signing request, for example your_domain.csr
$ openssl req -new -newkey rsa:2048 -nodes \
              -keyout your_domain.pem \
              -out your_domain.csr \
              -subj /CN=www.hexalink.xyz

Step 2: Via the ssls.com, submit certificate signing request (csr)

[1] Submit Certificate Signing Request
[1] Submit Certificate Signing Request

Step 3: Add a CNAME record in the Domain Manager like Hostinger & Waiting

Step 4: Get certificate issued and download

After the download process, there gonna be three file

  • your_domain.ca-bundle
  • your_domain.crt
  • your_domain.p7b
[2] Download Certificate from ssls.com
[2] Download Certificate from ssls.com

Step 5: Concat bundle your_domain.ca-bundle and your_domain.crt in order with your favorite text editor

when concating, becareful of the missing new line error. This is an example of missing new line.

-----END CERTIFICATE----------BEGIN CERTIFICATE-----

We can name concated file as ssl-bundle.crt.

After this time, there are two file that you need to bring to the nginx server.

  1. Private key file from Step 1, for example: your_domain.pem
  2. Certificate file (ssl-bundle.crt) which is a concat version of your_domain.ca-bundle and your_domain.crt in order.

Step 6: Install private key and certificate file to nginx

Before configure nginx.conf file at /etc/nginx, it’s a need to copy private key file and certificate file to /etc/ssl.

You can choose different directory, but you need to make it up to date in the nginx.conf file.

This is an example of nginx config file, the most important attribute are:

  • listen 443;
  • ssl on;
  • ssl_certificate /etc/ssl/ssl-bundle.crt;
  • ssl_certificate_key /etc/ssl/your_domain.pem;
server {

    listen 443; <----

    ssl on;     <----

    ssl_certificate /etc/ssl/ssl-bundle.crt;       <----

    ssl_certificate_key /etc/ssl/your_domain.pem;  <----

    server_name your_domain;

    access_log /var/log/nginx/nginx.vhost.access.log;

    error_log /var/log/nginx/nginx.vhost.error.log;

    location / {

        root /var/www/;

        index index.html;

    }

}

After finished editing, restart nginx server with systemctl restart nginx and enjoy.

Reference List