To install a valid SSL certificate for your web admin UI, you can use LetsEncrypt, which is a free service. The downside is that you need to renew this certificate every few months.
You may want to pay for an SSL certificate (e.g. GoDaddy), which lasts for one year.
Here is the overall process for obtaining an SSL certificate:
- Create a private key
- Using this private key, create a CSR
- Submit the CSR to the SSL provider
- The SSL provider returns an SSL certificate, bundled with their chain certificate
- Copy the private key and SSL certificate to the Linux filesystem
- Point Nginx to the SSL certificate and key
Before you begin
Before you begin, you will need the following files:
This is the private key that was used to generate the CSR.
This is the SSL certificate for your domain. Your cert may also be bundled (concatenated) with the chain cert of your SSL provider.
Install the SSL certificate
- Copy the private key and SSL certificate to the following location:
- Edit the Nginx conf file:
- Modify the following lines so that they point to your new files:
ssl_certificate /etc/nginx/ssl/website.bundle.crt; ssl_certificate_key /etc/nginx/ssl/website.key;
- On line 61, change the following line:
And replace the wildcard
_ with your domain name.
- Restart Nginx
sudo su nginx -t && service nginx restart
Verify your SSL certificate
At this point, your SSL certificate should be installed.
Open a web browser, and navigate to your domain. You should see a valid SSL certificate.