An SSL/TLS certificate is a must-have for any website when it comes to security.
There are many SSL/TLS certificate providers on the market; some of them are paid, and some are completely free.
In this guide, I am going to install a free SSL certificate on NGINX.
Prerequisites
Before moving to the installation part, you will need:
- An operating system installed on your virtual machine (I am going to use Ubuntu/Debian for this tutorial).
- NGINX installed by following "How to install NGINX on Ubuntu 21.04".
- A valid domain name with an "A" record pointing to your server's public IP address.
- For example:
An "A" record for armanism.com with the IP 157.245.242.152
An "A" record for www.armanism.com with the IP 157.245.242.152
- Port 443 open for the HTTPS protocol.
Step 1 - Obtaining a Free SSL Certificate
I am going to use ZeroSSL to get my free SSL certificate. ZeroSSL provides three free SSL certificates for your website. If you have more than three websites, you can use their paid plan.
Let's get started.
First, go to ZeroSSL's official website.
Enter your domain name in the input box and click on "Next Step".
Create an account on ZeroSSL using your email address and a password, or log in if you already have an account.
After logging in to your account, you will be redirected to the dashboard. Now click on the next step.
You will see a 90-day certificate validity (this certificate will only be valid for 90 days, but you can renew it for free after the 90 days. Otherwise, you can use their pro plan for one year of validity).
Now click on the next step.
The free plan is already selected. Click on the next step.
In this step, you need to verify your domain ownership. There are three methods of verifying your domain ownership.
- Via Email Verification
- Via DNS (CNAME)
- Via HTTP File Upload
You can use any of these methods according to your convenience (I am going to use the DNS (CNAME) method).
To add the CNAME record for your domain, go to your domain registrar's website, navigate to DNS management, and add the CNAME record.
After adding your CNAME record, click on the next step and verify the domain. It will automatically generate an SSL certificate for your website.
Now, you can download your SSL certificate in zip format.
Step 2 - Upload SSL certificate file to your server
First, you need to log in to your server using SSH.
You can use this command to log in:
ssh username@your-public-IP
For example -
ssh root@157.245.242.152
Next, you need to create a separate directory on your Ubuntu/Debian server, or you can use an existing directory (I am going to make an independent directory for the SSL certificate).
You can use this command to create a new directory.
sudo mkdir /etc/ssl/certificate
After creating a directory, move to that directory using this command:
cd /etc/ssl/certificate
And now upload the SSL certificate file which you downloaded from ZeroSSL's website.
You can upload the zip file using FTP (FileZilla), or you can use the scp command to upload your local file to your remote server.
Now open a new terminal and use this command to upload the file directly.
scp /user/arman/download/armanism.com.zip root@157.245.242.152:/etc/ssl/certificate
In the above command, /user/arman/download/armanism.com.zip is your local file location, and root@157.245.242.152:/etc/ssl/certificate is the remote location where you want to upload the file.
It will ask you for your remote server's root password. Enter your password and press Enter.
Now, unzip the zip file using this command:
sudo unzip armanism.com.zip
Replace the file name with your file name.
Note: If the zip and unzip packages are not installed on your server, you need to install them.
You can install zip and unzip packages using this command:
sudo apt install zip unzip
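Now, you have to merge certificate.crt and ca_bundle.crt into one file, which is certificate.crt. NGINX expects your own certificate first, followed by the CA bundle.
To merge the two files, append ca_bundle.crt to certificate.crt with this command. Run it only once, because every run appends the bundle again. The sh -c wrapper makes the redirection itself run as root:
sudo sh -c 'cat ca_bundle.crt >> certificate.crt'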
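The merge step can go wrong in two ways: appending twice duplicates the chain, and a certificate.crt without a final newline fuses its END line with the bundle's BEGIN line. The shell helpers below are an added example, not part of the original guide; the function names count_certs, merge_chain and lock_key are hypothetical, and the file names are the ones used in this tutorial.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are
# hypothetical; file names follow the tutorial.

count_certs() {
    # Count PEM certificate blocks (grep -c exits 1 on zero matches).
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

merge_chain() {
    leaf=$1 bundle=$2
    [ -r "$leaf" ] && [ -r "$bundle" ] || return 1
    # A leaf file holding more than one certificate was merged already;
    # appending again would duplicate the chain.
    if [ "$(count_certs "$leaf")" -ne 1 ]; then
        echo "merge_chain: $leaf must hold exactly one certificate" >&2
        return 1
    fi
    if [ "$(count_certs "$bundle")" -lt 1 ]; then
        echo "merge_chain: $bundle holds no certificate" >&2
        return 1
    fi
    tmp=$(mktemp "$leaf.XXXXXX") || return 1
    # awk ends every line with a newline, so a leaf file without a final
    # newline cannot fuse its END line with the bundle's BEGIN line.
    awk 1 "$leaf" "$bundle" > "$tmp" || { rm -f "$tmp"; return 1; }
    if grep -q -- '-----END CERTIFICATE-----.*-----BEGIN' "$tmp"; then
        echo "merge_chain: fused PEM boundary in input" >&2
        rm -f "$tmp"
        return 1
    fi
    # Replace the leaf file in one step so NGINX never sees a partial file.
    chmod 644 "$tmp" && mv "$tmp" "$leaf"
}

lock_key() {
    # On a stock package install the NGINX master process starts as root
    # and reads the key, so nobody else needs access to it.
    chmod 600 "$1"
}

# Usage on the server, as root, in /etc/ssl/certificate:
#   merge_chain certificate.crt ca_bundle.crt && lock_key private.key
```
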
Step 3 - Configure NGINX virtual host for HTTPS
Now you need to edit your NGINX virtual host in order to use HTTPS (SSL certificate).
You can find your NGINX configuration in /etc/nginx/sites-enabled/ if you installed NGINX from Ubuntu/Debian's package manager.
If you installed or built NGINX from source, you can find your NGINX configuration in /etc/nginx/nginx.conf.
For this tutorial, I am using an NGINX virtual host.
In order to set up SSL, you have to point to the SSL certificate in the NGINX virtual host. Open the virtual host file with this command:
sudo nano /etc/nginx/sites-enabled/armanism.com
Now add this configuration to the server block.
# SSL configuration
listen 443 ssl;
ssl_certificate /etc/ssl/certificate/certificate.crt;
ssl_certificate_key /etc/ssl/certificate/private.key;
The full configuration should look like this:
server {
    # SSL configuration
    listen 443 ssl;
    ssl_certificate /etc/ssl/certificate/certificate.crt;
    ssl_certificate_key /etc/ssl/certificate/private.key;
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name armanism.com www.armanism.com;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
Now test your NGINX configuration by using this command:
sudo nginx -t
The output looks like this:
root@nginx:/etc/ssl/certificate# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
After that, restart NGINX by using this command:
sudo systemctl restart nginx
Congratulations 🎉, you have successfully installed an SSL certificate on NGINX. You can verify this by visiting your website in your browser.
https://www.armanism.com
Step 4 - Redirect HTTP to HTTPS in NGINX (Optional)
If you want to redirect your traffic from HTTP to HTTPS, you have to configure your NGINX virtual host.
In order to set up HTTPS redirection in NGINX, edit your virtual host file using this command:
sudo nano /etc/nginx/sites-enabled/armanism.com
Now add this code to your NGINX virtual host within the server block.
listen 80;
# Redirect plain HTTP to HTTPS. $request_uri is the original, undecoded
# request URI including the query string, so it is safe to place in the
# Location header (the decoded $uri is not).
if ($scheme != "https") {
    return 301 https://$host$request_uri;
}
It should look like this:
server {
    # SSL configuration
    listen 443 ssl;
    ssl_certificate /etc/ssl/certificate/certificate.crt;
    ssl_certificate_key /etc/ssl/certificate/private.key;
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name armanism.com www.armanism.com;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    # HTTP to HTTPS redirection. $request_uri is the original, undecoded
    # request URI including the query string.
    listen 80;
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
If you want to redirect your HTTP traffic to the www version of your main domain, you can use this code.
# global HTTP handler
listen 80;
if ($scheme = http) {
    return 301 https://www.armanism.com$request_uri;
}
NOTE: Replace armanism.com with your domain name in every snippet.
Conclusion
Now you have successfully redirected your traffic from HTTP to HTTPS in NGINX. If you have any questions regarding this guide, please let me know in the comment section.
Have a nice day 😊.