How to install an HTTPS Connection (SSL) certificate for a hosted website on an NGINX server without cPanel or VestaCP

I was saying in a last month's article as more and more websites have switched to secure HTTPS connections and that Firefox Quantum is the first browser to start red flaging HTTP sites as being unsafe for users.
Leaving aside the idea that has begun to grow in the minds of many, such as HTTPS-free sites are unsafe and full of viruses, and those with HTTPS are clean as the tear (a totally false idea otherwise), many server administrators, and sites need to make the same transition from HTTP to HTTPS.
Moving from HTTP protocol to HTTPS involves buying a certified SSLor the use of the certificate provided free of charge by the project Let's EncryptAfter acquiring the SSL certificate, it must installed on the server, thenwebsite configured for switching from http: // to https: //.

Let's see step by step how to install an SSL certificate on a server with NGINX.
Users ofcPanel or VestaCP they have at their fingertips in the management interface dedicated fields where they can put and install SSL certificates. For a user who only available command line from his server console SSH, things get complicated a little. He will have to do upload to certificates si configure NGINX for switching from HTTP to HTTPS.

1. You will be logged on to the server where the HTTPS site is hosted and execute the following command line. Preferably in / etc / nginx / ssl.

openssl req -new -newkey rsa: 2048 -nodes -keyout numedomeniu.key -out numedomeniu.csr

Preferably it is the name of the files .key and .crt to specify the domain name you are about to use. In case you use more in time, know where and where.
Finally, in the folder where the command line was executed, you will get two files. numedomeniu.csr and numedomeniu.key,

2. Buying the SSL certificate and getting .crt and .ca-bundle files.
In our case I boughtPositiveSSL Multi-Domain Certificate de la COMODOvia NAMECHEAP.COM. After the purchase process, you will receive a mail in which you need to activate the SSL certificate. Pass the domain name for which the certificate is used and other data included in the form in your validation request. He will ask you to enter andCSR Code generated above. This is obvious in the "numedomeniu.csr" file. Execute "cat numedomeniu.csr"To copy the content.
At the end you will be asked to do it Domain name validation for which the certificate is used. You have more validation methods. The simplest and fastest one is on a e-mail address made by domain name.
Once past this step, in a few minutes you should receive a mail in which you have attached an archive containing two files. SSL certificate (for example 113029727.crt) and a file like 113029727.ca-bundle.

3. Upload the 2 file to the server in the same place as 1 and combine the contents of the numedomeniu.csr and 113029727.ca-bundle files into a single file. E.g,ssl-domeniu.crt.
Finally, in the newly created file,ssl-domeniu.crt must have three certificate codes, the first being in the file113029727.crt.

4. The next step is to configure NGINX for HTTPS.
Assuming you have already configured it for HTTP, you only have to add the following lines to the domain's nginx configuration file:

server { listen 80; server_name numedomeniu.tld www.numedomeniu.tld; rewrite ^ https: // $ server_name $ request_uri permanently; } server { listen 443 ssl; server_name numedomeniu.tld www.numedomeniu.tld; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH + AESGCM: DH + AESGCM: ECDH + AES256: DH + AES256: ECDH + AES128: DH + AES: ECDH + 3DES: DH3ES: RSA + AESGCM: RSA + AES: RSA + 3DES :! DSS; ssl_certificate /etc/nginx/ssl/ssl-domeniu.crt; ssl_certificate_key /etc/nginx/ssl/numedomeniu.key; ssl_prefer_server_ciphers on;

On the "ssl_certificate"And"ssl_certificate_key"You have to go the exact path in the server to the two files. The line "rewrite"Is to do permanent redirection from http to https, so there is no risk of having a duplicate site on HTTP and HTTPS.

5. Restart NGINX.

systemctl restart nginx

or

service nginx restart

Depending on the CMS you use on the website: WordPress, Drupal, Magento, Joomla, Prestashop, etc. CMS, you will need to configure your database and other files to have a valid HTTPS website.
If you say that you have a photo in a web page starting with "http: //", that page will not be valid HTTPS, and the indicator lock will not be present in the address bar of the browser web.

How to install an HTTPS Connection (SSL) certificate for a hosted website on an NGINX server without cPanel or VestaCP

About the author

Stealth

Passionate about everything that means gadgets and IT, I write with pleasure stealthsettings.com from 2006 and I like to discover with you new things about computers and operating systems macOS, Linux, Windows, iOS and Android.

Leave a Comment