I’m Paul Herron and I’m a web developer. I build online applications
with tools like CakePHP and jQuery.

Installing an SSL certificate on Nginx

by Paul Herron on 07 June 2014

I remember the first time I installed an SSL certificate on Nginx. I was quite surprised by how straightforward it was! I'm not sure why I expected a big drama but happily there was nothing of the sort.

I'm not sure if these steps are the simplest or the most up-to-date, but by Christ they work!

The first step is obviously to buy an SSL certificate.

You'll be prompted for a certificate signing request, so let's generate one of those now on the command line of our own computer:

openssl genrsa -out mysite.com.key 2048
openssl req -new -key mysite.com.key -out mysite.com.csr

At this point OpenSSL should prompt you for some information, which you can enter as applicable:

Country Name (2 letter code) [UK]: UK
State or Province Name (full name) [Some-State]: London
Locality Name (eg, city) []: London
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MySite Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: mysite.com
Email Address []: contact@mysite.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Paste your CSR into the GoDaddy admin panel and you should then be able to download a bundle of files. Download and extract that bundle and then combine the CRT files into one. The names of the files might be different to those below but the idea is we want to combine both of the .crt files together into a single file:

cd directory_that_contains_the_files
cat mysite.com.crt gd_bundle.crt > mysite_combined.crt

Both files that we need to go onto the server are now ready. Put the .crt file here on the server:

/etc/ssl/certs/mysite_combined.crt;

And the .key file here on the server:

/etc/ssl/private/mysite.com.key;

With the files in place it should now just be a case of adding a few lines to the ngix config file. Most probabaly you have a file like /etc/sites-enabled/mysite that contains your config. It needs the following lines to enable SSL and use the certificate we want it to:

server {
    server_name mysite.com;
    listen 80;

    # These three lines should get SSL working.
    listen 443 default ssl;
    ssl_certificate /etc/ssl/certs/mysite_combined.crt; 
    ssl_certificate_key /etc/ssl/private/mysite.com.key;

    # Other config.
    # …
}

Back to homepage

Next: