- Generate your SSL CSR to give your SSL provider
openssl req -nodes -newkey rsa:2048 -keyout domainname.com.key -out domainname.com.csr</li> </ol>
NOTES:
Common name is the DOMAIN NAMEthen write
cat domainname.com.csr
copy the whole block including the last whitespaces from
—-begin certificate request—–
key
—– end certificate request —– > cert_chain.crtpaste that in to your SSL provied including whitespaces. Then when you followed the steps and downloaded your certficate
concatenate them into a cert_chain.
cat code_support.crt code_support.ca-bundle >> cert_chain.crt
OBS! ORDER IS IMPORANT!
then upload the bundle and the domain.crt together with the key to your home folder, through SFTP or like this in the terminal:scp domainkey.key user@domain:domain_com.key scp cert_chain.crt user@domain:cert_chain.crt scp domain.crt user@domain:domain.crt
ssh till servern.. copy over the files to correct folder
sudo cp domainkey.key /etc/ssl/domainkey.key sudo cp cert_chain.crt /etc/ssl/cert_chain.crt sudo cp domain.crt /etc/ssl/domain.crt rm domainkey.key rm cert_chain.crt rm domain.crt
…
set up nginx to find the certificates and use SSL
1.sudo nano /etc/nginx/sites-enabled/default
uncomment
listen 443 ssl default_server; listen [::]:443 default_server ipv6only=on; #add server_name domain.com; #add SSL config server_name domain.com; ssl_certificate /etc/ssl/cert_chain.crt; ssl_certificate_key /etc/ssl/domain.com.key; #uncomment error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; }
add redirects to the bottom: server { listen 80; server_name domain.com; rewrite ^/(.*) https://domain.com/$1 permanent; } server { listen 443 ssl; server_name www.domain.com; return 301 $scheme://domain.com$request_uri; }
ctrl x
y for saving
sudo nginx -t
if successful
sudo service nginx restart
Create, upload and configure SSL cert for NGINX
June 20, 2016
Nginx, Ubuntu/Debian