2
votes

I have been trying to install the RapidSSL certificate on my droplet on Digital Ocean. This droplet is running NGINX / Ubuntu 16.1 x64.

I was following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#install-certificate-on-web-server

But I arrived at the part where I need to edit the "Nginx server block":

  Now go to your Nginx server block configuration directory. Assuming that 
  is located at /etc/nginx/sites-enabled, use this command to change to it:

  cd /etc/nginx/sites-enabled

  Assuming you want to add SSL to your default server block file, open the file 
  for editing:

  sudo vi default

  Find and modify the listen directive, and modify it so it looks like this:

  listen 443 ssl;

  Then find the server_name directive, and make sure that its value matches 
  the common name of your certificate. Also, add the ssl_certificate and 
  ssl_certificate_key directives to specify the paths of your certificate 
  and private key files (replace the highlighted part with the actual path 
  of your files):

  server_name example.com;
  ssl_certificate /home/sammy/example.com.chained.crt;
  ssl_certificate_key /home/sammy/example.com.key;

  To allow only the most secure SSL protocols and ciphers, add the following 
  lines to the file:

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

"sudo vi default" opens an empty file. So where do I need to edit the file? The Nginx config?

I have:

/etc/nginx/nginx.conf

/etc/nginx/sites-available/nginxconfig

/etc/nginx/sites-enabled/nginxconfig

/home/user/user/deploy/nginxconfig

So which file do I need to edit? I am really confused. Any error could end up breaking my site.

2 Answers

2
votes

Edit this file (you will notice the entries in your /sites-enabled/ are symlinks):

vi /etc/nginx/sites-available/nginxconfig

Find where the above file mentions ssl_ciphers; just above that line, add these lines:

ssl_certificate     /full/path/to/reach/file/fullchain.pem;
ssl_certificate_key /full/path/to/reach/file/privkey.pem;

A proper TLS nginx config has MANY other settings which are critical to a secure site ... I suggest you spin up a dev DigitalOcean droplet to make your edits ... along with an additional test TLS cert to match the DNS address of your dev box ... also get your free TLS certs from Let's Encrypt, which work fine; they just need auto refresh enabled every 3 mo.

Kind folks over at Mozilla made an nginx config generator

https://mozilla.github.io/server-side-tls/ssl-config-generator/

where you specify which version of nginx and it gives you a working config file
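The symlink point from the answer above, as an added example that is not part of the original posts: a script that resolves each `sites-enabled` entry to its real file, finds the one declaring a given `server_name`, and lists the TLS directives that file still lacks. The function names, the domain and the temporary demo tree are constructed for illustration; on a real host the root would be `/etc/nginx`.

```bash
#!/usr/bin/env bash
# Added example. The demo tree is constructed; on a real host the root is /etc/nginx.

# Print the real file behind each enabled site that declares server_name <domain>.
find_server_block() {
    local root="$1" domain="$2" link real
    for link in "$root"/sites-enabled/*; do
        [ -f "$link" ] || continue              # empty glob or dangling symlink
        real=$(readlink -f "$link")             # follow the sites-enabled symlink
        awk -v d="$domain" '
            { sub(/#.*/, "") }                  # ignore comments
            $1 == "server_name" {
                for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n == d) found = 1 }
            }
            END { exit !found }' "$real" && printf '%s\n' "$real"
    done
    return 0
}

# List the TLS directives a file still lacks (per-file check; includes are not followed).
tls_gaps() {
    awk '
        { sub(/#.*/, "") }
        $1 == "listen" && /[ \t]ssl[ \t;]/ { l = 1 }
        $1 == "ssl_certificate"     { c = 1 }
        $1 == "ssl_certificate_key" { k = 1 }
        END {
            if (!l) print "listen ... ssl"
            if (!c) print "ssl_certificate"
            if (!k) print "ssl_certificate_key"
        }' "$1"
}

# Constructed layout mirroring the question: an empty "default" plus a symlinked site.
make_demo_tree() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/sites-available" "$root/sites-enabled"
    printf 'server {\n    listen 80;\n    server_name example.com www.example.com;\n}\n' \
        > "$root/sites-available/nginxconfig"
    : > "$root/sites-enabled/default"
    ln -s "$root/sites-available/nginxconfig" "$root/sites-enabled/nginxconfig"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
target=$(find_server_block "$demo" example.com)
echo "edit: $target"
echo "still missing:"; tls_gaps "$target"
# On the real host: sudo nginx -t && sudo systemctl reload nginx   (reload only if the test passes)
```

Running `sudo nginx -t` after every edit answers the "any error could break my site" concern: the running server keeps its old configuration until a reload succeeds.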

0
votes

Here are the steps which you need to follow in order to install free SSL for the Nginx web server on Ubuntu.

STEP 1. Log in to the Cloud VPS Server Using SSH

If you are using Windows, download PuTTY and log in with the root user and password.

STEP 2. Point your Domain name to the IP address of Cloud VPS

Log in to your domain registrar and change the domain 'A' record to point to the IP address of your cloud hosting VPS or hosting server.

STEP 3. Create or configure the Nginx Server Block to host multiple Websites (Similar to Virtual Hosts in Apache)

First, create the Document root Directory or folder where the website files are stored. Type the following command.

sudo mkdir -p /var/www/domain.com/html

Now create the server block for the domain you are hosting or trying to install the SSL certificate for. You should skip this step if your website is already working. But, if you are hosting the website for the first time on your new cloud VPS, then you must create a separate server block for each website you want to host.

sudo nano /etc/nginx/conf.d/domain.com.conf

Then, paste the following server block template in the file; make sure you change the domain name to yours.

server {
    listen 80;

    # just change the domain name in red
    server_name domain.com www.domain.com;

    root /var/www/domain.com/html;
    index index.php index.html index.htm;

    access_log /var/log/nginx/http_access.log combined;
    error_log /var/log/nginx/http_error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    # set long EXPIRES header on static assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        access_log off;
    }
}

Finally, restart the Nginx server for the changes to take effect.

sudo systemctl restart nginx

STEP 4. Installing and Setting up Free SSL Certificate

Type the following commands to start the SSL installation:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Type the following command to obtain and install SSL certificates for all the domains or websites you have hosted on this server. Add the -d argument followed by each domain name and its aliases, and add as many domains as you want in a single command.

sudo certbot --nginx -d domain.com -d www.domain.com

STEP 5. Verifying Let's Encrypt SSL Certificate Renewal

I have shared the original source link and from there you can get the complete step by step guide on how to host multiple websites on a single cloud VPS and then install free SSL for the Nginx web server on Ubuntu.

Dry run the following command to test if auto renewal is set properly.

sudo certbot renew --dry-run

And in case if you don’t have enough time to read or you prefer to watch rather than reading then here is the video link.

For a detailed information guide on how to install free SSL on Nginx web server with Ubuntu and host multiple websites on single cloud VPS, you may visit the link on hawkdive : https://www.hawkdive.com/install-free-ssl-for-nginx-web-server-on-ubuntu-16-04-or-ubuntu18-04/

https://www.youtube.com/watch?v=1Un0v4dUTy0&feature=youtu.be