How to enable ssl in NGINX using Goddady certificate?

I am quite new on this, havent install SSL certificates in nginx yet so excuse my ignorance.

I have a certificate from godaddy's but i cant seem to find a way to use it on my linux server (ubuntu 18.04).

I will run through what I have done till now.

Godaddy certificate

In the process to create a SSL certificate first godaddy provides two files one with your SSL certificate key and another with the CSR (not sure what it is).

The you are prompted to download the SSL certificate which is another two files, one which is some sort of bundle and the other is something else (from their website)Copy your SSL certificate file and the certificate bundle file to your Nginx server. both this file is .crt

Router

I have enable any incoming 443 to redirect the traffic to my server.

Server Ubuntu 18.04

I followed their not so helpful tutorials.

Edited the nginx config file

/etc/nginx/sites-available/myweb

server { listen 443; listen [::]:443; ssl on; ssl_certificate_key /etc/nginx/ssl/myweb.key; ssl_certificate /etc/nginx/ssl/certf.crt; ssl_certificate /etc/nginx/ssl/b_certf.crt; root /media/world/myweb/origin; index index.html index.htm index.nginx-debian.html; server_name 192.168.0.9 lmyweb.com location / { try_files $uri $uri/ =404; }
}

When accessing my website, I get 404 this site cant be reach.

Am I missing something? maybe some enable in Nginx that I dont know about? or maybe im configuring the above in the wrong file?

Any help will be appreciated.

7

1 Answer

So you're falling into quite a few pitfalls, as well as your SSL cert problems.

So let's go through this bit by bit.


SSL Certificates for NGINX

Unlike Apache, you can only provide a single ssl_certificate line in a server block; extra ones will cause problems or the thing to ignore certificates.

NGINX certificates need to contain the following in this order:

  • Your site / serer_name's specific cert
  • The CA certificates chain. This is provided by GoDaddy along with your certs in their ZIP files.

You can usually do this by something like cat sitecert.crt ca-cert.crt > sitecert.fullchain.pem, then use the sitecert.fullchain.pem file in your NGINX configs.


SSL Configuration

NGINX configuration for SSL needs to be the following (note that other config bits are stripped out or replaced by # ... to indicate you need to configure bits at this point for whatever the rest of your config is):

server { listen 443 ssl; server_name example.com; ssl_certificate /path/to/sitecert.fullchain.pem; ssl_certificate_key /path/to/sitecert-private.key; # ... Site specific configs here
}

This fixes several things:

  1. This uses the proper listen 443 ssl; line. You should not be using ssl on; as this is considered old and deprecated.

  2. This uses the full-chain of certificates and the key and has them in a sane order.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like