Overview
Recently, I installed a GoDaddy certificate with Nginx and faced a lot of issues, so I thought sharing it in a blog would be a good idea. This blog covers the steps of installing a GoDaddy certificate with Nginx. First, we need to know about the Certificate Signing Request (CSR) and the private key. A CSR is a block of encoded text that contains information such as the domain name, organization name, email ID, etc. It is an important part of SSL certificate creation. SSL can’t work without a private key. The private key is a file used to encrypt and decrypt the data transferred between the server and the client.
There are two ways of generating SSL:
- Generate an SSL certificate in GoDaddy, and you will get the CSR and private key files.
- Generate the CSR and private key on the Nginx server, and then provide the CSR file at the time of SSL generation in GoDaddy.
Generate SSL certificate, CSR and private key
Firstly, create a folder to store all SSL certificate files in /etc/nginx.
cd /etc/nginx/
sudo mkdir ssl
And change the SSL folder permission.
sudo chmod -R 755 ssl/
As I mentioned earlier, one of these two situations applies: either you create an SSL certificate first, or you create the CSR and private key first.
- If you already have an SSL certificate generated on GoDaddy.
In this scenario, you already have an SSL certificate generated, so GoDaddy has already provided you with the CSR and Private key.
You just need to upload these files to the Nginx server. These files are in text format, so convert them to .csr and .key format by renaming them and adding the extension. Also open the key file, and if it contains -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----, edit them to -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.
Now upload these files to the Nginx server, into the ssl folder. Upload the local files to the server:
sudo -S scp -i <pemfile of server with path> <local file to upload on server with full path> <username>@<ip-address>:~/
The above command will add the files to the home directory on the server; from there you can copy them to the ssl folder.
sudo cp -i /home/ubuntu/<new_uploaded_file> /etc/nginx/ssl/
We need to change the key to the proper key format, so run the following command in the ssl folder.
openssl rsa -in <key_file> -out <new_key_name>.key
- If you have not purchased the SSL certificate yet.
In this scenario, we first need to generate the CSR and private key on our Nginx server.
openssl req -newkey rsa:2048 -nodes -keyout <new_key_name>.key -out <new_csr_name>.csr
For example,
openssl req -newkey rsa:2048 -nodes -keyout my_domain.com.key -out my_domain.com.csr
Here my_domain.com is my domain name.
Now, at the time of purchasing an SSL certificate, you need to copy and paste the content of the CSR file (for example, my_domain.com.csr) to send a request for the SSL certificate.
Use the following command to print the file content:
cat my_domain.com.csr
Download certificate files
You can download the certificate files from GoDaddy. It will ask for the server type; select Other for Nginx, and it will give you 3 files.
For example, the filenames are 132a60b787c41556.crt, gd_bundle-g2-g1.crt, 132a60b787c41556.pem
Now rename the 132a60b787c41556.crt to my_domain.com.crt and gd_bundle-g2-g1.crt to intermediate.crt
Install the certificate on Nginx server
Now, upload these 2 certificates to the /etc/nginx/ssl folder.
As we have an intermediate certificate, we have to create a chained certificate from these 2 certificates. For that, use the following command:
cat my_domain.com.crt intermediate.crt > my_domain.com.chained.crt
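A pre-flight check for the chained file and the private key, added here as an example (it is not part of the original post). key_matches_cert and chain_is_ordered are hypothetical helper names; the file names are the ones used above.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, file names follow the guide.

# 0 if the private key belongs to the FIRST certificate in the file.
# The domain certificate must come first in the chained file.
key_matches_cert() {  # usage: key_matches_cert KEY CERT_OR_CHAIN
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# 0 if the file holds at least 2 certificates and each is issued by the next.
chain_is_ordered() {  # usage: chain_is_ordered CHAINED_CRT
    d=$(mktemp -d) || return 2
    # Split on lines that start with BEGIN. A missing newline between the
    # two input files glues END and BEGIN onto one line and fails this check.
    awk -v d="$d" '/^-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/" n ".pem") }' "$1"
    i=1; rc=0
    [ -f "$d/2.pem" ] || rc=1
    while [ "$rc" -eq 0 ] && [ -f "$d/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$d/$i.pem" -noout -issuer 2>/dev/null) || rc=1
        sub=$(openssl x509 -in "$d/$((i + 1)).pem" -noout -subject 2>/dev/null) || rc=1
        # Compare the names after the "issuer=" / "subject=" prefixes.
        [ "${iss#*=}" = "${sub#*=}" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$d"
    return "$rc"
}
```

In the ssl folder, run key_matches_cert my_domain.com.key my_domain.com.chained.crt and chain_is_ordered my_domain.com.chained.crt; both should return 0 before the Nginx config is pointed at these files.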
Don’t forget to change the SSL folder permissions.
cd /etc/nginx
sudo chmod -R 600 ssl/
Now it’s time to edit Nginx config file.
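cd /etc/nginx/sites-available
sudo nano default
Your config file should look like the block below.
server {
    listen 443 ssl;    # the "ssl" parameter enables TLS for this server block
    root ...
    server_name ...
    location / {
        ...
    }
    # "ssl on;" is dropped: it is deprecated since nginx 1.15.0 and
    # "listen 443 ssl;" already does its job.
    ssl_certificate /etc/nginx/ssl/<chained>.crt;
    ssl_certificate_key /etc/nginx/ssl/<private>.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is kept.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers '*********';
}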
Save, quit and now test nginx config file by using the following command.
sudo nginx -t
Then restart the nginx server.
sudo service nginx restart
Finally, test it by opening your domain with https:// in front of it.
Conclusion
I hope this blog will be helpful for those who are installing an SSL certificate to Nginx for the very first time.