How to install an HTTPS Connection (SSL) certificate for a hosted website on an NGINX server without cPanel or VestaCP

I was saying in a last month's article as more and more websites have switched to secure HTTPS connections and that Firefox Quantum is the first browser to start red flaging HTTP sites as being unsafe for users.
Leaving aside the idea that has begun to grow in the minds of many, such as HTTPS-free sites are unsafe and full of viruses, and those with HTTPS are clean as the tear (a totally false idea otherwise), many server administrators, and sites need to make the same transition from HTTP to HTTPS.
Moving from HTTP protocol to HTTPS involves buying a SSL certificate or the use of the certificate provided free of charge by the project Let's EncryptAfter acquiring the SSL certificate, it must installed on the serverthen website configured for switching from http: // to https: //.

Let's see step by step how to install an SSL certificate on a server with NGINX.
users cPanel or VestaCP they have at their fingertips in the management interface dedicated fields where they can put and install SSL certificates. For a user who only available command line from his server console SSH, things get complicated a little. He will have to do upload to certificates si configure NGINX for switching from HTTP to HTTPS.

1. You will be logged on to the server where the HTTPS site is hosted and execute the following command line. Preferably in / etc / nginx / ssl.

openssl req -new -newkey rsa:2048 -nodes -keyout numedomeniu.key -out numedomeniu.csr

Preferably it is the name of the files .key and .crt to specify the domain name you are about to use. In case you use more in time, know where and where.
Finally, in the folder where the command line was executed, you will get two files. domainname.csr and domainname.key,

2. Buying the SSL certificate and getting .crt and .ca-bundle files.
In our case I bought PositiveSSL Multi-Domain Certificate from COMODO, via NAMECHEAP.COM. After the purchase process, you will receive a mail in which you need to activate the SSL certificate. Pass the domain name for which the certificate is used and other data included in the form in your validation request. He will ask you to enter and CSR Code generated above. You can obviously find it in the "domainname.csr" file. Run “cat numedomeniu.csr”To be able to copy the content.
At the end you will be asked to do it Domain name validation for which the certificate is used. You have more validation methods. The simplest and fastest one is on a e-mail address made by domain name.
Once you have passed this step, in a few minutes you should receive an email in which an archive containing two files is attached. SSL certificate (113029727.crt for example) and a file like

3. Upload the files from point 2 to the server in the same place as you and those from point 1 and combine the contents of the files: and into a single file. E.g, ssl-domeniu.crt.
Finally, in the newly created file, ssl-domeniu.crt must have three certificate codes, the first being in the file 113029727.crt.

4. The next step is to configure NGINX for HTTPS.
Assuming you have already configured it for HTTP, you only have to add the following lines to the domain's nginx configuration file:

server {
listen 80;
server_name numedomeniu.tld www.numedomeniu.tld;
rewrite ^ https://$server_name$request_uri permanent;

server {
listen 443 ssl;
server_name numedomeniu.tld www.numedomeniu.tld;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/ssl/ssl-domeniu.crt;
ssl_certificate_key /etc/nginx/ssl/numedomeniu.key;
ssl_prefer_server_ciphers on;

On the lines "ssl_certificate"And"ssl_certificate_key"You have to pass the exact path in the server to the two files. The line "rewrite”Is to do permanent redirection from http to https, so there is no risk of having a duplicate site on HTTP and HTTPS.

5. Restart NGINX.

systemctl restart nginx


service nginx restart

Depending on the CMS you use on the website: WordPress, Drupal, Magento, Joomla, Prestashop, etc. CMS, you will need to configure your database and other files to have a valid HTTPS website.
If we say that you have in a web page a picture whose path starts with "http: //", that page will not be valid HTTPS, and the indicator lock will not be present in the address bar of the browser web.

How to install an HTTPS Connection (SSL) certificate for a hosted website on an NGINX server without cPanel or VestaCP

About the author


Passionate about everything gadget and IT, I write with pleasure on since 2006 and I like to discover with you new things about computers and operating systems macOS, Linux, Windows, iOS and Android.

Leave a Comment