SSL Certificates

How do I configure SSL on NGINX?

In order to add your Lets Encrypt SSL certificates to your NGINX server you will need SSH/CLI access to the server to upload the files and edit the configurations, if you do not have this please speak to your hosting provider about how to add your SSL certificates.

The first step is to upload your SSL certificate and private key files to the server, you can do via SFTP/FTP, alternatively you can simply copy and paste the file into onto the sever by creating the files using an editor such as VI

Once the files are in place on your server, the only other step required is to update your NGINX configurations to use HTTPS instead of HTTP, configuration files are normally located in /etc/nginx/ however it may be different depending on your OS version. The configuration file to edit is the one that contains the ‘server’ declaration for your website, this is normally either the default.conf, or a file in the sub direction ‘sites-enabled’. The most basic of server delectations may look something like this:

server {

    listen       80;
    server_name  www.example.com example.com;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

}

To enable SSL you need to create a new server declaration that listens for HTTPS connections, an example configuration for the example.com domain above might look like this

server {

    listen       443 ssl;
    server_name  www.example.com example.com;

    ssl_certificate     /home/me/example.com.crt;
    ssl_certificate_key /home/me/example.com.key;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

}

The important lines are highlighted above in red and are the locations of the SSL certificate and private keys you uploaded earlier, these should be set to the place where the files we’re upload to.

Once you have saved the configuration, it is necessary to reload the NGINX configuration, this can be done by entering the following line into the CLI

service nginx reload

or

/etc/init.d/nginx reload

Depending on your OS either of the above commands may work, once the reload is complete you should now be able to access your website at https://example.com

For a complete guide including more advanced configurations please see the NGINX documentation

If you need any further help today, please don't hesitate to contact our friendly support team on 03300432583 or by email!