How to generate and install SSL certificate in nginx running WordPress

You’ve got your site running on https with a self-signed certificate but it’s time to get one signed by a certificate authority. If you haven’t already configured your server for https then follow the guide here.

The first thing we need to do is create the private key and the CSR (certificate signing request) file. The private key stays on the server, and the CSR file is sent to the certificate authority for signing.

First let’s make our directory for the certificates.

sudo mkdir -p /etc/nginx/certificates/{ssl.key,ssl.crt}

And cd to the new certificates dir

cd /etc/nginx/certificates

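Then we run the following (install openssl if you haven’t already got it). The -nodes option writes the private key without a passphrase so nginx can load it unattended, which means anyone who can read the key file can impersonate your site.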

sudo openssl req -nodes -newkey rsa:2048 -keyout yoursite.key -out yoursite.csr

You will need to answer the questions, and for most of them the answer doesn’t matter. The really important one is “Common Name”. This has to be the name of your website. For example: yoursite.com

If this doesn’t match the name of your site then when anyone goes to your site they will receive a warning that the certificate name doesn’t match the site name.

Now you need to go to wherever you are getting the certificate from and request a certificate. You will then need to cut and paste all the text from the .csr file into the request. This includes the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines.

Once the request is complete you need to download your new certificate as a .crt file, and you will probably also have to download the intermediate certificate as a .crt or .pem.

If there is an intermediate cert you will need to merge them with the following command, or simply copy and paste the text from the intermediate certificate onto the end of your site cert. Your site certificate must come first in the merged file.

cat intermediate.pem >> yoursite.crt

Then you need to copy yoursite.key to /etc/nginx/certificates/ssl.key and yoursite.crt to /etc/nginx/certificates/ssl.crt by going to the directory where you have the files saved (the key was written to /etc/nginx/certificates by the openssl command above) and running

sudo cp yoursite.crt /etc/nginx/certificates/ssl.crt

sudo cp yoursite.key /etc/nginx/certificates/ssl.key

Then in your config file you reference these locations so the server knows which key and crt file to use.

For example

sudo nano /etc/nginx/sites-available/default

Then add the locations inside the SSL server block as below

# "ssl on;" is deprecated since nginx 1.15.0; newer versions use "listen 443 ssl;" instead
ssl on;

ssl_certificate /etc/nginx/certificates/ssl.crt/yoursite.crt;

ssl_certificate_key /etc/nginx/certificates/ssl.key/yoursite.key;

Save the changes then restart the webserver service

sudo systemctl restart nginx

Now browse to your site over https.
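
The script below is an added example, not part of the original guide. It confirms, before the nginx restart above, that the signed certificate belongs to the private key from the openssl req step, that merging the intermediate did not fuse the PEM markers, and that the certificate is valid for the site name. The function names and yoursite.example are made up for illustration, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example (illustrative names): checks to run before restarting nginx.

# Hash of the public key inside a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|cert FILE
  local pub
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pub" ] && printf '%s\n' "$pub" | openssl sha256
}

# True when the CSR or certificate carries this private key's public half.
same_key() {  # usage: same_key KEYFILE csr|cert FILE
  local a b
  a=$(pubkey_hash key "$1") && b=$(pubkey_hash "$2" "$3") && [ "$a" = "$b" ]
}

# True when every PEM marker is alone on its line. Appending the intermediate
# to a site cert that lacks a trailing newline fuses END and BEGIN together.
bundle_ok() {  # usage: bundle_ok BUNDLE
  local pem; pem=$(tr -d '\r' < "$1") || return 1
  ! printf '%s\n' "$pem" | grep -e '-----' |
      grep -qvxE -e '-----(BEGIN|END) CERTIFICATE-----' &&
    printf '%s\n' "$pem" | grep -qx -e '-----BEGIN CERTIFICATE-----'
}

# True when the first certificate in the file is valid for the site name.
host_ok() {  # usage: host_ok CERT HOSTNAME
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Constructed demo: throwaway key and self-signed cert in a temp directory.
demo() {
  local d rc; d=$(mktemp -d) || return 1
  openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj '/CN=yoursite.example' \
    -keyout "$d/yoursite.key" -out "$d/yoursite.crt" 2>/dev/null &&
    same_key "$d/yoursite.key" cert "$d/yoursite.crt" &&
    bundle_ok "$d/yoursite.crt" && host_ok "$d/yoursite.crt" yoursite.example
  rc=$?; rm -rf "$d"; return "$rc"
}

# Real use: pass KEY CERT HOSTNAME as arguments.
if [ "$#" -eq 3 ]; then
  same_key "$1" cert "$2" && bundle_ok "$2" && host_ok "$2" "$3" &&
    echo "OK: key, chain file and hostname agree"
fi
```

Running sudo nginx -t before the restart also catches a mismatched key, because nginx loads both files when it tests the configuration.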