Installing and renewing SSL certificates on an Nginx server is a task sysadmins perform frequently. This article walks through the steps for both.
In nginx, certificate files are located at “/etc/nginx/ssl/”.
Installing a New SSL Certificate in Nginx
Step 1.
- Test the nginx configuration using the following command.
nginx -t
Step 2.
- Create a file “example.com.crt” and copy and paste the contents of the certificate file and CA bundle in that exact order.
vim example.com.crt
Step 3.
- Create the file “example.com.key” and copy and paste the private key.
vim example.com.key
Step 4.
- Test the nginx configuration one more time using the command nginx -t
nginx -t
Step 5.
- Reload nginx
nginx -s reload
- Check the SSL certificate on any SSL-checking website.
https://www.sslshopper.com/ssl-checker.html
Renewing an SSL Certificate on an Nginx Server
Step 1.
- Test the nginx configuration using nginx -t
nginx -t
Step 2.
- Back up the file “example.com.crt” to “example.com.crt.back”, and also back up “example.com.key” to “example.com.key.back”.
cp example.com.crt /etc/nginx/ssl/example.com.crt.backup20230627
cp example.com.key /etc/nginx/ssl/example.com.key.back20230627
Step 3.
- Verify that the new certificate is valid using any SSL-checking website.
https://www.sslshopper.com/certificate-decoder.html
Step 4.
- Check whether both the private key and new certificate match using the following website:
https://www.sslshopper.com/certificate-key-matcher.html
Step 5.
- Update the file “example.com.crt” with the contents of the certificate file and CA bundle, with the main certificate first, followed by the other certificates, using Vim or another text editor.
(We usually don’t need to make changes to key files since this is a renewal.)
- Test the nginx configuration again.
nginx -t
- Reload nginx
nginx -s reload
- Check the SSL certificate on any SSL-checking website.
https://www.sslshopper.com/ssl-checker.html
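The validity, key-match and ordering checks from the renewal steps can also be run locally with openssl before reloading, so the private key never has to be pasted into a website. The script below is an added example, not part of the original article; the function names and the 30-day threshold are assumptions, and it expects an unencrypted key and a “.crt” file that holds the site certificate followed by the CA bundle.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): local checks on a renewed
# certificate before "nginx -t" and "nginx -s reload".
# Assumptions: openssl is installed, the key is unencrypted, and the .crt file
# holds the site certificate followed by the CA bundle, as in the steps above.

# The certificate's public key must equal the one derived from the private key.
cert_matches_key() {   # args: cert-file key-file
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The first certificate in the file must stay valid for at least N more days.
cert_valid_for_days() {   # args: cert-file days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print the Nth (1-based) PEM certificate of a bundle.
nth_cert() {   # args: cert-file n
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { i++ } i == n' "$1"
}

# Site certificate first: its issuer must be the subject of the second one.
bundle_order_ok() {   # args: cert-file
    local issuer subject
    issuer=$(nth_cert "$1" 1 | openssl x509 -noout -nameopt RFC2253 -issuer 2>/dev/null) || return 1
    subject=$(nth_cert "$1" 2 | openssl x509 -noout -nameopt RFC2253 -subject 2>/dev/null) || return 1
    [ "${issuer#issuer=}" = "${subject#subject=}" ]
}

check_renewal() {   # args: cert-file key-file
    cert_matches_key "$1" "$2"  || { echo "FAIL: certificate and key do not match"; return 1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; return 1; }
    bundle_order_ok "$1"        || { echo "FAIL: site certificate is not first in the bundle"; return 1; }
    echo "OK: $1 is ready for nginx -t and reload"
}

# Run only when called with two arguments, e.g.:
#   ./check_renewal.sh /etc/nginx/ssl/example.com.crt /etc/nginx/ssl/example.com.key
if [ "$#" -eq 2 ]; then
    check_renewal "$1" "$2"
fi
```

The key comparison uses the public key rather than the RSA modulus, so it works for both RSA and EC keys.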
You can also check the SSL certificate in a web browser by following these steps:
(Please note that the specific steps may vary slightly depending on the browser you are using)
- Open your web browser (e.g., Chrome, Firefox, Safari).
- Visit the website or domain whose SSL certificate you want to check by entering the URL in the address bar.
- Once the page loads, click on the padlock icon to the left of the website URL in the address bar. This indicates a secure connection.
- In the dropdown menu that appears, click on “Certificate” or “View Certificate”. This will open the SSL certificate details.
Thus we have completed SSL installation and renewal on an Nginx server.