Install SSL on Nginx Server

This guide provides the steps to configure SSL/TLS on an Nginx server using certificate files from EchoSSL.

Prerequisites

You need shell access (e.g., SSH) to your server with root or sudo privileges. Have your certificate.crt, private.key, and ca_bundle.crt files from EchoSSL ready.

Step-by-Step Installation

1. Combine Your Certificate Files
   Nginx prefers a single "chained" certificate file containing your certificate and the CA bundle. You can create this with a simple command:

   cat certificate.crt ca_bundle.crt > your_domain_chained.crt

2. Upload Files to Your Server
   Copy the new your_domain_chained.crt and your private.key files to your Nginx server. Common locations are /etc/ssl/certs/ for the certificate and /etc/ssl/private/ for the key.
3. Configure Your Nginx Server Block
   Open your domain's server block configuration file, typically found in /etc/nginx/sites-available/. You will need to add a `server` block that listens on port 443 for SSL traffic.
4. Add SSL Directives
   Add the following directives inside your new `server` block, adjusting the file paths to match your server's setup:

   listen 443 ssl;
   listen [::]:443 ssl;
   
   server_name your_domain.com www.your_domain.com;
   
   ssl_certificate /etc/ssl/certs/your_domain_chained.crt;
   ssl_certificate_key /etc/ssl/private/private.key;
   
   # Other SSL settings (optional but recommended)
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_prefer_server_ciphers on;

5. Test Your Nginx Configuration
   Before applying changes, run a test to check for any syntax errors.

   sudo nginx -t

   If the test is successful, you can proceed.
6. Reload Nginx
   To apply the new configuration without dropping connections, reload Nginx.

   sudo systemctl reload nginx

Verify the Installation

Once Nginx has been reloaded, your certificate should be active. Use our free SSL Certificate Checker to validate the SSL certificate installation and ensure everything is working perfectly.