How to Install SSL Certificate on NGINX Server

  SSL Certificate, Web servers
setup SSL self-signed Certificate NGINX Server

If you want to secure your website and improve its security, you need to install an SSL certificate on your NGINX server. In this guide, we will walk you through the process of installing an SSL certificate on NGINX server.

Step 1: Generate a private key and a certificate signing request (CSR).

To generate a private key and a CSR, you can use the openssl command-line tool. Here is an example of how to do it:

# Generate a self-signed certificate 
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /path/to/your/private.key -out /path/to/your/certificate.crt
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []: your_ip_address
Email Address []:

This command generates a self-signed X.509 certificate using OpenSSL. Here is what each option does:

  • req: This subcommand specifies that we want to use X.509 certificate signing request (CSR) management.
  • -x509: This option specifies that we want to make a self-signed certificate instead of generating a certificate request.
  • -nodes: This option specifies that we don’t want to encrypt the private key.
  • -days 365: This option specifies that the certificate will be valid for 365 days.
  • -newkey rsa:2048: This option specifies that we want to generate a new RSA key with 2048 bits.
  • -keyout /path/to/your/private.key: This option specifies where to save the private key file.
  • -out /path/to/your/certificate.crt: This option specifies where to save the certificate file.

Step 2: Obtain an SSL Certificate

The first step is to obtain an SSL certificate from a trusted Certificate Authority (CA). You can either purchase an SSL certificate from a third-party provider, or you can generate a free SSL certificate using Let’s Encrypt.

Step 3: Install NGINX

You need to have NGINX web server installed on your system. If it is not already installed, you can do so by running the following command:

$ sudo apt-get update
$ sudo apt-get install nginx

Step 4: Configure NGINX to Use SSL

Next, you need to configure NGINX to use SSL. To do so, follow these steps:

Create a new directory for your SSL certificate:

$ sudo mkdir /etc/nginx/ssl

Copy your SSL certificate and private key to the new directory:

$ sudo cp /path/to/your/certificate.crt /etc/nginx/ssl/ 
$ sudo cp /path/to/your/private.key /etc/nginx/ssl/

Open the NGINX configuration file in a text editor:

$ sudo nano /etc/nginx/sites-available/default

Add the following lines to the file, inside the server block:

listen 443 ssl;
ssl_certificate /etc/nginx/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;

Save and close the file.

Test the NGINX configuration file:

$ sudo nginx -t

If there are no errors, reload NGINX:

$ sudo service nginx reload

That’s it! Your NGINX server is now configured to use SSL. You can test it by visiting your website using HTTPS protocol (https://yourwebsite.com).

LEAVE A COMMENT