Step-By-Step Procedure To Install SSL/TLS Certificate On Nginx Web Server!

If you have a website that is running on unsecured HTTP protocol on an Nginx web server, and you want to connect your website through a secured HTTPS channel by installing an SSL/TLS certificate on the Nginx web server, then follow this procedure to install SSL/TLS certificate on Nginx web server.

How To Install SSL/TLS Certificate On Nginx Web Server?

The procedure primarily requires a website running on a web server like Apache or Nginx. An SSL/TLS certificate with the private key to enable HTTPS service on your website. In this demonstration, we have covered right from creating a website to configuring the website with an SSL/TLS certificate. The whole process consists of these four steps. However, you can ignore the first two steps if you have a site hosted on the Nginx web server and an SSL/TLS certificate with a private key.

Install SSL/TLS Certificate on Nginx Web Server!

Step 1. Set up a website on Nginx

In this section, we will be installing Nginx webserver on Linux Mint and creating a website ‘exampledomain.com’. If you have a site running on Nginx, you can skip this section.
#1. Install Nginx on Linux
$ sudo apt-get install nginx

#2. Check the Status
$ sudo systemctl status nginx

#3. Start Nginx if not started
$ sudo systemctl start nginx

#4. Allow both HTTP and HTTPS on the UFW firewall
$ sudo ufw allow ‘nginx full’

#5. Configure a Server Block on NginxMost of the time you may need to host multiple sites/domains on a single web server. Most of the modern web servers accomplish this via virtual hosts. In Nginx, those virtual machines are functioning as server blocks. Nginx has one default server block preconfigured. We are not going to tweak the default server block. We will create a new one for an example site.
#5.1. Create a directory for your site under /var/www/.
$ sudo mkdir -p /var/www/exampledomain.com/html

#5.2. Set the permission and ownership
$ sudo chown $USER:$USER /var/www/exampledomain.com
$ sudo chmod 755 /var/www/exampledomain.com

#5.3. Create an index.html file for the test site using nano editor
$ sudo nano /var/www/exampledomain.com/html/index.html

#5.4. Create the server block configuration file
$ sudo nano etc/nginx/sites-available/exampledomain.com

#5.5. Create symbolic link of the configuration file
$ sudo ln -s etc/nginx/sites-available/exampledomain.com etc/nginx/sites-enabled

#6. Restart the Nginx Service
$ sudo systemctl restart nginx

#7. Add the host file entry. Edit the file etc/hosts in nano editor
$ sudo nano etc/hosts

#8. Add the below line right below the localhost entry
127.0.1.1 exampledomain.com www. exampledomain .com

This is how you can create a website on Nginx.

Step 2. Create a CSR, submit the CSR to a Certificate Authority, and download the certificate with its private key.

Certificate Signing Request is the first step to get a Certificate for your website.
#1. Create a CSR for the site with a private key. This command will create two files exampledomain.com.csr and exampledomain.com.key.
$ openssl req -new -newkey rsa:2048 -nodes -keyout exampledomain.com.key -out exampledomain.com.csr

#2. Submit the content of the CSR to your internal or public Certificate Authority to sign the certificate. Once the CA issues the certificate download it to etc/nginx/ssl/exampledomain.com/ directory on your Nginx server.
#3. Copy the exampledomain.com.key to etc/nginx/ssl/exampledomain.com/ directory.
Note: You can skip this step if you have the certificate for your site.

Step 3. Configure the Nginx configuration file with the SSL/TLS certificate and private key.

This is the place where you need to link the certificate to your website. Edit the Nginx config file and point the certificate and its private key.

$ sudo nano etc/nginx/sites-available/exampledomain.com

server {listen 80;listen 443 ssl;
root /var/www/exampledomain.com/html;index index.html index.htm index.nginx.debian.html;
server_name exampledomain.com www.exampledomain.com;
ssl_certificate etc/nginx/ssl/exampledomain.com/exampledomain.com.crt;
ssl_certificate_key etc/nginx/ssl/exampledomain.com/exampledomain.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
location / {try_files $uri $uri/ =404;}}

Step 4. Restart the Nginx services.

Restart the Nginx service using this domain.

$ sudo systemctl restart nginx

Test the Nginx configuration.

$ sudo nginx -t

If you see a successful message. You can access the site over HTTPS secure channel.

This is how you can install SSL/TLS certificate on the Nginx web server and enable HTTPS communication on your website.