Certificate Installation Generate Key Nginx Digital Ocean

Last updated: 14/01/2016

This article assumes you've received your certificate from the Certificate Authority, and that you wish to install it on your Nginx webserver. If you want to know how to request a certificate, please consult the « How to generate a certificate request with OpenSSL » article.

Nginx - SSL certificate installation

Step 1: Building a certificate bundle

Unlike Apache, Nginx needs all its SSL certificates to be concatenated into one bundle containing the root certificate, the intermediate certificate and your own certificate. The order in which you concatenate the certificates is important:

  • The first certificate in the file should be your own server certificate
  • Followed by the intermediate certificate, if any (there usually is one, sometimes two)
  • Followed by the root certificate

The root certificate is not strictly needed in this list, since browsers have the CAs' root certificates built in; however, it may be best practice to include it.

Depending on the Certificate Authority you ordered your certificate from, you may receive the certificates either as distinct files, all bundled in one file, or your certificate in one file and all CA certificates in a bundle. Most commonly, you will receive your own certificate as a separate file, and another file containing intermediate and root certificates for use in Apache.

If you have received separate files from the CA, use the following command to concatenate the certificates in reverse order. If there's only one intermediate certificate, you only need to concatenate that one, of course.

If you received your own certificate in a separate file, and the CA certificates in a bundle, execute the following command to create your bundle:

If you received all certificates in a single bundle, just move the file over to your certificate directory, for instance /etc/certs.

Step 2: Edit the Nginx virtual hosts file

Open the SSL virtual hosts file of your Nginx server. Depending on your distribution, it could be found at one of the following locations, or if you installed from source, somewhere entirely different (but then, you probably won't be needing this manual):

  • /etc/nginx/conf.d/ssl.conf (Red Hat, CentOS and Fedora Linux)
  • /etc/nginx/sites-available/www.mydomain.com (Debian and Ubuntu)

Add a new server block to the virtual hosts file. Note that in the example below, you should modify the paths so that they point to your website's root directory, and the SSL directives so they point to your SSL certificate and your private key. It may be easier to copy and modify an existing server entry in your config file.
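A minimal server block of the kind described here, as an added example that is not taken from the original article. The host name www.mydomain.com, the /etc/certs file names and the web root are assumptions to replace with your own values.

```nginx
server {
    listen      443 ssl;
    server_name www.mydomain.com;

    # Bundle built in Step 1: server certificate first, then the CA certificates
    ssl_certificate     /etc/certs/www.mydomain.com.bundle.crt;
    # Private key the certificate request was generated from; keep it readable by root only
    ssl_certificate_key /etc/certs/www.mydomain.com.key;

    # Website root directory (assumed path)
    root  /var/www/www.mydomain.com;
    index index.html;
}
```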

Please note that the above is only a minimal working server configuration, and that your web server should be tuned for optimum security and performance. You may want to check out our articles on tuning and securing Nginx in the Knowledge Base.

Step 3: Test your configuration

It's good practice to check your server configuration before restarting Nginx. Modify the command below to point to your main Nginx configuration file if it's in a different location.

Step 4: Restart Nginx

Restart Nginx to apply your new configuration:

Step 5: Troubleshooting

If you didn't concatenate your certificates in the correct order, Nginx will fail to start and display an error similar to the following one:

In that case, try to concatenate your certificate files in the correct order again.

If your certificate doesn't display correctly in a browser, check if all certificates are being sent correctly to a browser with the following command, replacing www.kinamo.be with your own domain name:

You should see a chain of certificates starting with your own one, and going up through the different intermediate certificates.
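The ordering rule from Step 1 and the checks in this step can be scripted. The following is an added example, not part of the original article: it builds the bundle, then confirms that the first certificate matches the private key and that each certificate is issued by the one after it. The function names and file arguments are assumptions; `served_chain` saves what a running server sends so it can be split and inspected the same way.

```shell
#!/bin/sh
# Added example; function names and file arguments are assumptions.

# build_bundle SERVER_CERT OUT CA_CERT...
# Writes the server certificate first, then the CA certificates in the order
# given (intermediates, then optionally the root).
build_bundle() {
    server=$1; out=$2; shift 2
    cat "$server" "$@" > "$out"
}

# split_pem FILE DIR: write each certificate in FILE to DIR/cert-NN.pem, in file order.
split_pem() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%02d.pem", dir, n) }
        f { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }
    ' "$1"
}

# check_bundle BUNDLE KEY: succeed only if the first certificate carries the
# public key of KEY and every certificate is issued by the one that follows it.
check_bundle() {
    tmp=$(mktemp -d) || return 2
    split_pem "$1" "$tmp"
    [ -f "$tmp/cert-01.pem" ] || { echo "no certificate in $1" >&2; rm -rf "$tmp"; return 2; }
    rc=0
    cert_pub=$(openssl x509 -in "$tmp/cert-01.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "first certificate does not match $2" >&2; rc=1; }
    expected=
    for c in "$tmp"/cert-*.pem; do
        subj=$(openssl x509 -in "$c" -noout -subject_hash)
        if [ -n "$expected" ] && [ "$subj" != "$expected" ]; then
            echo "$(basename "$c") did not issue the certificate before it" >&2; rc=1
        fi
        expected=$(openssl x509 -in "$c" -noout -issuer_hash)
    done
    rm -rf "$tmp"
    return $rc
}

# served_chain HOST FILE: save the certificates a running server sends on port 443.
served_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null >"$2" 2>/dev/null
}
```

Run `check_bundle` on the bundle and key before pointing Nginx at them; a non-zero exit status means the order or the key is wrong.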

Step 6: Security Test

Visit Qualys SSL Labs' test page to check if your web server and SSL certificate are up to par with modern-day security standards.