How we manually install SSL certified for website is very useful when we have a website hosted without CPanel / Vestacp. tutorial It is for nginx and it is necessary access' root’ to configuration for https.
content
I was saying in one article last month Like more and more websites have gone to secure https secure connections and as Firefox Quantum It is the first browser to start marking HTTP sites as unsafe for users.
Leaving aside the idea that has begun to sprout in the minds of many, as the sites without HTTPS would be uncertain and full of viruses, and those with https are clean (a totally false idea), many server administrators and sites are forced to make this transition from http to https protocol.
The transition from HTTP protocol at https involves buying one certificat SSLor use of the certificate offered free of charge by the project Let’s Encrypt, After the purchase of the SSL certificate, it must installed on the server, thenthe configured website for Switching from http: // to https: //.
How to install SSL (HTTPS Connection) certified for a Hostat website on a NGINX server without CPanel or Vestacp
Let's see step by step as we install an SSL certificate on a NGINX server.
Users ofcPanel or Vestacp They have at hand from the dedicated field management interface where they can put and install SSL certificates. For a user who only available command line from the server's console or SSH, tasks are a little complicated. Will have to do upload to certificates and configureze NGINX for Switching from http to https.
1. Generare CSR (Certificate Signing Request)
Log in in the server that is the website you want to activate https and execute the next order line. Preferably in/etc/ningin/ssl.
openssl req -new -newkey rsa:2048 -nodes -keyout numedomeniu.key -out numedomeniu.csrPreferably it is as in the name of files .key And.crt Put the domain name for which you are to use. In case you will use more in time, to know which and where it is.
In the end, in the folder in which the control line was executed you will obtain two files. namedmeniu.csr and namedoniu.Key,
2. Buy SSL certificate and get the .crt and .ca-tabudle files.
In our case we boughtPositiveSSL Multi-Domain Certificate of the COMFORTABLE, via NAMECHEAP.COM. After the purchase process, you will receive an email in which you must activate the SSL certificate. To pass in the validation request the domain name for which the certificate is used and other data included in the form. Will ask to enter andCSR Code generated above. You find it obviously in the file “namedmeniu.csr”. executed “Cat namenuMeniu.csr” to be able to copy the content.
In the end it will be asked to do Validation of domain name for which the certificate is used. You have more available Validation methods. The simplest and fastest, is on a Email address made by domain name.
Once over this step, in a few minutes you should receive an email in which you are attached an archive containing two files.SSL certificate (113029727.crt for example) and a file like 113029727.ca-Babudle.
3. Upload certified files on the server via ftp / sftp.
Climb the files from point 2 to the server to the same place where you have those from point 1 and combine the contents of the files: namedoniu.csr and 113029727.ca-Bavle in a single file. For example,SSL-Domeniu.crt.
At the end, in the newly created file,SSL-Domeniu.crt You have to have three certificates, the first being the one in the file113029727.crt.
4. Configuration NGINX for https – Add SSL certificates.
The next step is SA We set up ningx for https.
Assuming you have it already configured for HTTP, you only have to add to the NGINX configuration file the following lines:
server {
listen 80;
server_name numedomeniu.tld www.numedomeniu.tld;
rewrite ^ https://$server_name$request_uri permanent;
}server {
listen 443 ssl;
server_name numedomeniu.tld www.numedomeniu.tld;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_certificate /etc/nginx/ssl/ssl-domeniu.crt;
ssl_certificate_key /etc/nginx/ssl/numedomeniu.key;
ssl_prefer_server_ciphers on;On the lines “ssl_certificate” and “ssl_certificate_key” You have to pass the exact path in the server to the two files. Line “rewrite” is to make Permanent redirection on http on https, therefore, there is no risk of having a duplicate site on HTTP and HTTPS.
5. Config NGINX and Restart verification after we install SSL certified manually
Before you restart the NGINX service is good to make a check of nginx.conf.
nginx -tIf everything is ok to the result of the nginx test, restart the service.
systemctl restart nginxor
service nginx restartDepending on the CMS you use in the website: WordPress, Drupal, Magento, Joomla, Prestashop, etc. CMS, you will need to configure your database and other files to have a Valid HTTPS website.
If we say that you have on a web page a picture whose path starts with “http://”, that page will not be valid HTTPS, and the indicator lock will not be present in the web browser bar.
