To generate and install an SSL certificate for Nginx, follow these steps:
- Obtain an SSL certificate:
  - Purchase a certificate from a trusted Certificate Authority (CA).
  - Use a free CA like Let's Encrypt.
- Generate a private key and a Certificate Signing Request (CSR):
  - Create a new private key:
    openssl genrsa -out private.key 2048
  - Generate a CSR using the private key:
    openssl req -new -key private.key -out csr.pem
    Fill in the required information when prompted.
- Submit the CSR to the Certificate Authority:
  - If using a paid CA, follow their instructions for submitting the CSR and getting the certificate.
  - If using Let's Encrypt, use their Certbot tool or an ACME client to automate the process.
- Obtain the SSL certificate:
  - If using a paid CA, they will issue the certificate. Follow their instructions for obtaining the certificate.
  - If using Let's Encrypt, the certificate files will be automatically obtained and saved to a specified directory.
- Install the SSL certificate in Nginx:
  - Copy the SSL certificate and private key to the server. Let's assume the certificate files are named certificate.crt and private.key.
  - Move the certificate files to a secure directory accessible by Nginx. For example:
    sudo mv certificate.crt /etc/nginx/ssl/
    sudo mv private.key /etc/nginx/ssl/
  - Open the Nginx configuration file (nginx.conf or a specific site configuration file) and add the following lines within the appropriate server block:
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
  - Save the configuration file and exit.
- Test the Nginx configuration:
  - Run the following command to check for syntax errors in the configuration file:
    sudo nginx -t
  - If there are no errors, restart Nginx to apply the changes:
    sudo systemctl restart nginx
  - If there are errors, review the configuration file and correct them before restarting Nginx.
Now Nginx should be configured to use the SSL certificate. Verify the installation by accessing your website over HTTPS.
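
Before moving the files into place, it is worth confirming that the certificate really belongs to the private key and that the key file is not readable by group or other users. The script below is an added example, not part of the original page: it keeps the page's file names, while example.com, the temporary directory, other.key and the self-signed certificate standing in for the CA-issued one are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page;
# example.com and the self-signed certificate are constructed test inputs.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pub" ] || return 1   # never hash empty output from a failed read
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the key matches the certificate and the key file has no
# group/other permission bits set.
check_pair() {  # $1 = private key, $2 = certificate
    k=$(pubkey_hash key "$1") || { echo "unreadable key: $1" >&2; return 1; }
    c=$(pubkey_hash crt "$2") || { echo "unreadable certificate: $2" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "key does not match certificate" >&2; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "key is accessible to group or other: $1" >&2; return 1; }
}

# Build constructed inputs: key, CSR, a self-signed certificate standing in
# for the CA-issued one, and an unrelated key (other.key).
make_sample() {  # $1 = empty directory
    ( cd "$1" && umask 077 &&
      openssl genrsa -out private.key 2048 &&
      openssl req -new -key private.key -out csr.pem -subj "/CN=example.com" &&
      openssl x509 -req -in csr.pem -signkey private.key -days 1 \
          -out certificate.crt &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}

d=$(mktemp -d) && make_sample "$d" || exit 1
trap 'rm -rf "$d"' EXIT
[ "$(pubkey_hash csr "$d/csr.pem")" = "$(pubkey_hash key "$d/private.key")" ] &&
    echo "CSR matches key"
check_pair "$d/private.key" "$d/certificate.crt" && echo "pair OK"
check_pair "$d/other.key" "$d/certificate.crt" || echo "mismatch rejected"
```

On a real server, call check_pair with the paths used in the ssl_certificate_key and ssl_certificate directives before running nginx -t.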