How to manually install an SSL certificate for a website without cPanel / VestaCP [NGINX]

Knowing how to manually install an SSL certificate is very useful when the website is hosted without cPanel / VestaCP. This tutorial is for NGINX, and 'root' access is required to configure HTTPS.

I was saying in last month's article that more and more websites have switched to secure HTTPS connections and that Firefox Quantum is the first browser to start red-flagging HTTP sites as being unsafe for users.
Leaving aside the idea that has begun to take root in the minds of many, namely that sites without HTTPS are unsafe and full of viruses while those with HTTPS are pure as a tear (a totally false idea, by the way), many administrators of servers and sites are forced to make the same transition from HTTP to HTTPS.
Moving from HTTP to HTTPS involves buying an SSL certificate or using the certificate provided free of charge by the Let's Encrypt project. After purchasing the SSL certificate, it must be installed on the server, and then the website must be configured for the transition from http:// to https://.

How to manually install an SSL certificate (HTTPS connection) for a website hosted on an NGINX server without cPanel or VestaCP

Let's see step by step how to install an SSL certificate on a server with NGINX.

Users of cPanel or VestaCP have dedicated fields in the management interface where they can paste and install SSL certificates. For a user who only has command-line access to the server over SSH, things get a little more complicated: the certificates have to be uploaded and NGINX configured to switch from HTTP to HTTPS.


1. Generate CSR (Certificate Signing Request)

Log in to the server hosting the website for which you want to enable HTTPS and run the following command, preferably in /etc/nginx/ssl.

openssl req -new -newkey rsa:2048 -nodes -keyout numedomeniu.key -out numedomeniu.csr

It is best to name the .key and .crt files after the domain for which you are going to use them. If you end up using several over time, you will know which one is which and where it comes from.
Afterwards, in the folder where the command was executed, you will find two files: numedomeniu.csr and numedomeniu.key (numedomeniu stands for your domain name).

2. Buy an SSL certificate and get the .crt and .ca-bundle files.

In our case I bought a PositiveSSL Multi-Domain certificate from COMODO, via NAMECHEAP.COM. After the purchase process, you will receive an e-mail from which you must activate the SSL certificate. In the validation request, enter the domain name for which the certificate is used and the other data required by the form. It will also ask you to enter the CSR code generated above, which you will find in the "numedomeniu.csr" file. Run "cat numedomeniu.csr" to be able to copy the content.
At the end you will be asked to validate the domain name for which the certificate is used. There are several validation methods. The simplest and fastest is via an e-mail address on the domain name.
Once you have passed this step, within a few minutes you should receive an e-mail with an attached archive containing two files: the SSL certificate (113029727.crt, for example) and a file like 113029727.ca-bundle.

3. Upload certificate files to the server via FTP / SFTP.

Upload the files from point 2 to the server, in the same place as those from point 1, and combine the contents of 113029727.crt and 113029727.ca-bundle into a single file, e.g. ssl-domeniu.crt.
In the end, the newly created file ssl-domeniu.crt must contain three certificate blocks, the first being the one from 113029727.crt.
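
A quick check of the files from steps 1 to 3 before touching the NGINX configuration, as an added example that is not part of the original tutorial. It confirms that the first certificate in the combined file belongs to the private key and that the key is not readable by other users. The function names and the demo.* files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the files from steps 1-3.
# Function names are hypothetical; file names follow the tutorial.

# Count the PEM certificates in a combined file.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# True only if the FIRST certificate in the combined file has the same public
# key as the private key (openssl x509 reads only the first certificate).
key_matches_first_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# The key was created with -nodes (unencrypted), so group/others must have
# no permissions on it: characters 5-10 of the ls mode string must be dashes.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: a throwaway CA plus a site certificate signed by
# it, written to directory $1 (stands in for the files sent by the CA).
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=Demo CA' -days 1 \
        -keyout "$1/ca.key" -out "$1/demo.ca-bundle" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=numedomeniu.tld' \
        -keyout "$1/numedomeniu.key" -out "$1/numedomeniu.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/numedomeniu.csr" -CA "$1/demo.ca-bundle" \
        -CAkey "$1/ca.key" -set_serial 1 -days 1 -out "$1/demo.crt" 2>/dev/null &&
    chmod 600 "$1/numedomeniu.key"
}

# Usage: sh check-ssl.sh /etc/nginx/ssl/ssl-domeniu.crt /etc/nginx/ssl/numedomeniu.key
if [ "$#" -eq 2 ]; then
    if key_matches_first_cert "$1" "$2" && key_is_private "$2"; then
        echo "OK: $(cert_count "$1") certificate(s), first one matches the key"
    else
        echo "FAIL: first certificate does not match the key, or key is not private" >&2
        exit 1
    fi
fi
```

If the CA bundle ends up first in the combined file, the key check fails, which is the same mismatch NGINX reports when it refuses to load the certificate.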

4. Configure NGINX for HTTPS – adding the SSL certificates.

The next step is to configure NGINX for HTTPS.
Assuming you have already configured it for HTTP, you only have to add the following lines to the domain's nginx configuration file:

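# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name numedomeniu.tld www.numedomeniu.tld;
    rewrite ^ https://$server_name$request_uri permanent;
}

server {
    # "listen ... ssl" already enables TLS; the deprecated "ssl on;" directive is not needed
    listen 443 ssl;
    server_name numedomeniu.tld www.numedomeniu.tld;
    # TLSv1 and TLSv1.1 are deprecated; TLSv1.3 requires OpenSSL 1.1.1 or newer
    ssl_protocols TLSv1.2 TLSv1.3;
    # Same cipher list without the 3DES suites
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!3DES;
    # Combined certificate file from step 3 and private key from step 1
    ssl_certificate /etc/nginx/ssl/ssl-domeniu.crt;
    ssl_certificate_key /etc/nginx/ssl/numedomeniu.key;
    ssl_prefer_server_ciphers on;

    # ... the rest of the existing site configuration (root, location blocks) ...
}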

On the "ssl_certificate" and "ssl_certificate_key" lines you have to give the exact path on the server to the two files. The "rewrite" line performs a permanent redirect from http to https, so there is no risk of having a duplicate site on HTTP and HTTPS.

5. NGINX config check and restart after manually installing the SSL certificate

Before restarting the nginx service, it is a good idea to check the nginx configuration.

nginx -t

If everything is ok with the result of the nginx test, restart the service.

systemctl restart nginx

or

service nginx restart

Depending on the CMS you use on the website (WordPress, Drupal, Magento, Joomla, Prestashop, etc.), you will need to update your database and other files to have a valid HTTPS website.
For example, if a web page contains a picture whose path starts with "http://", that page will not be valid HTTPS, and the lock indicator will not be shown in the address bar of the web browser.

Passionate about technology, I enjoy writing on StealthSettings.com since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).
