`

The text in between the BEGIN and END will be much longer your end I have cut them down for legibility.

Installing the certificate

Now we have the required files we need to set up the Nginx server to use them properly. To do this you will need to place the files in a directory readable by the server, in my case I have the files for onmylemon stored like this:

  • /var/www/onmylemon/
  • www/
  • certs/
  • public/

So in my case I have two files in the certs directory ssl.key and ssl.cert.bundle. We now need to tell Nginx where these are and that we want to use these to set up an encrypted site. I have written an article on setting up an SSL only Nginx site that has some code samples in it but for ease here is a basic Nginx configuration for SSL.

`

HTTPS

server {

# Set up the port listener   listen 443;

# Set the hostname to be served   server_name SITE www.SITE;

# Set up SSL   ssl on;   sslcertificate /var/www/SITE/certs/ssl.cert.bundle;   sslcertificatekey /var/www/SITE/certs/ssl.key;   sslsessiontimeout 5m;   sslpreferserverciphers on;

# Set up the root of public html folders   root /var/www/SITE/www;   index index.php index.htm index.html;

} `

These two lines will tell Nginx to use the files we have created, obviously change the directories according to how you have things set up.

ssl_certificate /var/www/SITE/certs/ssl.cert.bundle; ssl_certificate_key /var/www/SITE/certs/ssl.key;

Once all of this has been completed you will then need to restart the Nginx server for the changes to take effect. To do this you will need to run the following command:

Ubuntu: sudo service nginx restart

Debian: sudo /etc/init.d/nginx restart

Conclusion

So you are all done and set up with an SSL certificate for Nginx, the process does take a while so you are forgiven if it became frustrating. This is the only method that consistently works for me and I use this over several servers at IPGeek. Please comment if you have any questions or feedback on this article.