How to Install SSL Certificate on NGINX

March 25, 2020

Introduction

Installing an SSL Certificate on NGINX ensures a safe connection between your web server and browser. It encrypts the data transmitted over the internet so that it is only visible to the intended recipient.

If you have several NGINX servers, you need to buy and install SSL certificates on each server to activate the HTTPS protocol. To learn more about SSL certificates and how they work, check out our in-depth guide on SSL certificate types.

This article will show you how to install an SSL certificate on NGINX with simple, step-by-step instructions.

Tutorial on how to install SSL certificates on NGINX

Prerequisites

Install SSL Certificate NGINX Server Steps

This guide assumes you have already generated a certificate signing request and received your SSL certificate issued by a Certificate Authority (CA). If you are yet to obtain a certificate, follow our guide on generating a certificate signing request (CSR) and submitting it to a CA.

Step 1: Combine All Certificates into a Single File

You should have received your SSL certificate via email in the form of a .zip file. Once you download and extract the file, you will see it consists of a server certificate, a root certificate, and an intermediate certificate.

The first step is to combine all three files into one.

diagram showing Combines certificates into a single SSL bundle file

You can do this manually, by copying and pasting the content of each file in a text editor and saving the new file under the name ssl-bundle.crt.

You can also do this via command-line. The command to merge the certificates into one file will depend on whether you have separate intermediate files or if these files are inside a single .ca-bundle file.

a) If all three certificates are listed separately, use the command:

cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt

b) If the intermediate certificates are in one bundle, run:

cat your_domain.crt your_domain.ca-bundle >> ssl-bundle.crt

Note: Make sure you save the ssl-bundle.crt file in the etc/ssl directory.

Step 2: Edit NGINX Configuration File

Next, configure the NGINX server block (AKA virtual host file) for your server.

If you don’t know the location of the file, run the command:

sudo find nginx.conf

Open the file to make the necessary modifications.

The easiest way to set up the configuration is to copy the original server module, paste it below, and edit the content.

  1. Start by specifying the server should listen to port 443: listen 443;
  2. Make sure the server block includes the line: ssl on;
  3. Define the path of the SSL certificate: ssl_certificate /etc/ssl/ssl-bundle.crt;
  4. Specify the directory where the SSL Certificate Key is located: /path/to/your_private.key;

The configuration file should look similar to the one below:

server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain.com;
}
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/;
root  /home/www/public_html/your.domain.com/public/;
index index.html;
}
}

Save and exit the file.     Step 3: Restart NGINX Server  

For your configuration changes to take place, you need to restart your NGINX server. To do so, run the command:

sudo systemctl restart nginx

Step 4: Verify SSL Certificate

The best way to check you have successfully installed the SSL certificate on NGINX is to connect to your server via browser.

Open a browser of your choice and navigate to your domain using the https protocol:

https://your.domain.com

You should see a locked padlock verifying that the SSL certificate is now set up on your server. as in the image below:

Verify SSL certificate installation on Nginx with padlock symbol

Conclusion

If you have followed the outlined steps above, you should have installed an SSL Certificate on you NGINX server. Make sure to install separate certificates on each machine if you have more than one NGINX server.

Let’s Encrypt is a free certificate authority that allows you to set up protection on your NGINX server. Check out our article on how to set up Let’s Encrypt to secure your Nginx server.

Was this article helpful?
YesNo
Sofija Simic
Sofija Simic is an experienced Technical Writer. Alongside her educational background in teaching and writing, she has had a lifelong passion for information technology. She is committed to unscrambling confusing IT concepts and streamlining intricate software installations.
Next you should read
How to Generate a Certificate Signing Request (CSR) With OpenSSL
March 7, 2024

A Certificate Signing Request (CSR) is the first...
Read more
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH
May 20, 2019

Are you running into the ERR_SSL_VERSION_OR_CIPHER_MISMATCH...
Read more
How to Check the OpenSSL Version Number
June 13, 2019

OpenSSL is an open-source cryptographic library and SSL toolkit. The...
Read more
How To Install SSL Certificate on Apache for CentOS 7
September 15, 2019

Learn how to obtain and install SSL Certificates on Apache CentOS 7. The article...
Read more