How to install a certificate on an Nginx server (VPS)

After you have generated a CSR and private key, activated and validated your certificate with the certificate provider, and received the certificate files, the SSL certificate needs to be installed on your Nginx server.

Let's take a quick look at the process:

1. Upload the certificate and Certificate Authority (CA) Bundle files to your server.
2. Combine these two files into one.
3. Adjust your web server configuration for port 443, which is used for SSL/TLS connections.
4. Restart the server so that the new settings are applied.

Before we start, check that your firewall has a rule that opens port 443. Also check that you have the following files at hand, as all of them are needed to make the certificate work:

1. The certificate file itself.
2. The CA Bundle (chain) file.
3. The private key file, which was generated together with the CSR code on your server.

The first step is to upload the certificate and CA Bundle files to the server. You can do this via FTP/SFTP/SCP or any other suitable method. We will use the touch command to create new files directly on the server and then paste the content of our certificate and bundle files into them, so no additional programs are needed. Make sure you are in your home directory (any other directory works too, except web folders):

cd ~

Then create two files and paste the certificate and CA Bundle codes from your certificate provider into them:

touch yourdomain.crt

and

touch cabundle.crt

These files should be concatenated into one, with the domain certificate first and the CA Bundle after it, using this command:

cat yourdomain.crt cabundle.crt > yourdomain.combined.crt

Next, navigate to the directory that holds your domain's VirtualHost file and add a few lines to the file. Make sure to back up the file first:

cd /etc/nginx/sites-enabled

cp default /home/default.backup

Now open the file with any text editor to add the needed configuration. We prefer nano:

nano default

Duplicate the block for port 80, which should already be in the file by default, and replace port 80 with 443 in the second block. You also need to add these lines to the port 443 block:

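# Note: "ssl on;" is deprecated since Nginx 1.15.0 and removed in 1.25.1; newer versions need "listen 443 ssl;" instead.
ssl on;
ssl_certificate /root/yourdomain.combined.crt;
ssl_certificate_key /root/yourdomain.key;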

Please keep in mind that you need to use the combined certificate we created earlier in this tutorial, and the private key which was generated with the CSR code on your server.

Once this is done, restart the Nginx web server to apply the settings:

service nginx restart

Now you should be able to access your website via the HTTPS protocol. Congratulations!

Note: you may receive the "error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch" error message during the Nginx restart. This means that the private key you are using is not the one that was generated with the CSR used for your certificate activation.

If you have lost track of the private key file, you can search for it using this command:

find / -name "*.key"
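
The key mismatch described in the note above, and a combined file concatenated in the wrong order, can both be caught before Nginx is restarted. The script below is an added example, not part of the original tutorial; it assumes the openssl command-line tool is installed, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files used in this tutorial.
# Function names are illustrative, not part of Nginx or OpenSSL.

# Hash of the public key in the FIRST certificate of a PEM file. In the
# combined file that is the domain certificate only if it was listed first.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256
}

# Hash of the public key derived from a private key file (RSA or EC).
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

# 0 = key belongs to the first certificate, 1 = mismatch (the case Nginx
# reports as "key values mismatch"), 2 = a file is missing or not valid PEM.
cert_matches_key() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    openssl pkey -in "$2" -noout 2>/dev/null || return 2
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Number of certificates in a PEM file (domain certificate + CA bundle).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# usage: preflight <combined.crt> <private.key>
preflight() {
    if ! cert_matches_key "$1" "$2"; then
        echo "key does not match the first certificate in $1" >&2
        return 1
    fi
    if [ "$(count_certs "$1")" -lt 2 ]; then
        echo "no CA bundle certificates found in $1" >&2
        return 1
    fi
    echo "key matches the certificate and the CA bundle is present"
}

# Runs only when both paths are given, for example:
#   sh preflight.sh /root/yourdomain.combined.crt /root/yourdomain.key && nginx -t
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```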

Small tip: if you want your website to be accessible via HTTPS by default, you need to add a redirect rule to your domain configuration file, which is located in the /etc/nginx/sites-enabled directory. Just add the following line to the port 80 block there:

return 301 https://yourdomain.com$request_uri;

Just replace yourdomain.com with the domain you have the certificate for.

Keep it secure!