This tutorial will show you how to configure Nginx to use your SSL/TLS certificate from SSL.com and redirect incoming HTTP traffic to the secure HTTPS version of your site. These instructions assume you have already generated your CSR and ordered an SSL/TLS certificate from SSL.com.
NGINX users can now automate ordering, configuration, and renewal of SSL/TLS certificates from SSL.com with the ACME protocol. Please read ACME SSL/TLS Automation with Apache and Nginx for more information.
- When you download your certificate from SSL.com, choose the Nginx download link. This file will include your server certificate and all required supporting certificates in the correct order for use with Nginx. The name of the downloaded file should end with .chained.crt.
- Place the certificate file and the private key you generated with your CSR where you would like them to go on your Nginx server. (Common locations on Debian-based Linux distributions like Ubuntu are /etc/ssl/certs/ for certificates and /etc/ssl/private/ for private keys). The private key must be secured properly. Check your OS documentation for the correct ownership and permissions settings.
- Open the Nginx configuration file containing the HTTP server block for your website (for example, on Ubuntu this might be located at /etc/nginx/sites-available/example.com). The HTTP server block should look something like this:
server { listen 80; listen [::]:80; server_name www.example.com; # configuration continues... }
- Add a block for the HTTPS version of the website below the HTTP block. Replace /PATH/TO/CERTIFICATE.crt and /PATH/TO/KEY.key with the actual paths to your certificate and key.
server { listen 80; listen [::]:80; server_name www.example.com; # configuration continues... } server { listen 443 ssl; listen [::]:443 ssl; server_name www.example.com; ssl_certificate /PATH/TO/CERTIFICATE.crt ssl_certificate_key /PATH/TO/KEY.key # configuration continues... }
Note that if you need to serve both an HTTP and HTTPS version of your website, you can put all listen directives into the same block:
server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name www.example.com; ssl_certificate /PATH/TO/CERTIFICATE.crt ssl_certificate_key /PATH/TO/KEY.key # configuration continues... }
However, it is generally recommended to redirect all traffic to HTTPS, as shown below. - To redirect all incoming HTTP traffic on port 80 to HTTPS, add a redirect to the HTTP block. This is advisable so that any existing HTTP links to your website will lead to the secure HTTPS version of the site. Note that you can also remove any additional configuration from the HTTP block.
server { listen 80; listen [::]:80; server_name www.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name www.example.com; ssl_certificate /PATH/TO/CERTIFICATE.crt ssl_certificate_key /PATH/TO/KEY.key # configuration continues... }
- Restart Nginx to put your changes into effect.