Table of Contents
  • Home
  • /
  • Blog
  • /
  • Step-By-Step Procedure To Install SSL/TLS Certificate On Nginx Web Server!
December 5, 2023

Step-By-Step Procedure To Install SSL/TLS Certificate On Nginx Web Server!

Procedure To Install Ssl Tls Certificate On Nginx Web Server

If you have a website that is running on unsecured HTTP protocol on an Nginx web server, and you want to connect your website through a secured HTTPS channel by installing an SSL/TLS certificate on the Nginx web server, then follow this procedure to install SSL/TLS certificate on Nginx web server.

How To Install SSL/TLS Certificate On Nginx Web Server?

The procedure primarily requires a website running on a web server like Apache or Nginx. An SSL/TLS certificate with the private key to enable HTTPS service on your website. In this demonstration, we have covered right from creating a website to configuring the website with an SSL/TLS certificate. The whole process consists of these four steps. However, you can ignore the first two steps if you have a site hosted on the Nginx web server and an SSL/TLS certificate with a private key.

  1. Set up your own website on the Nginx web server.

  2. Submit the CSR to a Certificate Authority and download the certificate with its private key.

  3. Configure the Nginx configuration file with the SSL/TLS certificate and private key.

  4. Restart the Nginx services.

Install SSL/TLS Certificate on Nginx Web Server!

Step 1. Set up a website on Nginx

In this section, we will be installing Nginx webserver on
Linux Mint and creating a website ‘’. If you have a site running on Nginx, you can skip this section.
#1. Install Nginx on Linux
$ sudo apt-get install nginx

#2. Check the Status
$ sudo systemctl status nginx

#3. Start Nginx if not started
$ sudo systemctl start nginx

#4. Allow both HTTP and HTTPS on the UFW firewall
$ sudo ufw allow ‘nginx full’

#5. Configure a Server Block on NginxMost of the time you may need to host multiple sites/domains on a single web server. Most of the modern web servers accomplish this via virtual hosts. In Nginx, those virtual machines are functioning as server blocks. Nginx has one default server block preconfigured. We are not going to tweak the default server block. We will create a new one for an example site.
#5.1. Create a directory for your site under /var/www/.
$ sudo mkdir -p /var/www/

#5.2. Set the permission and ownership
$ sudo chown $USER:$USER /var/www/
$ sudo chmod 755 /var/www/

#5.3. Create an index.html file for the test site using nano editor
$ sudo nano /var/www/

#5.4. Create the server block configuration file
$ sudo nano etc/nginx/sites-available/

#5.5. Create symbolic link of the configuration file
$ sudo ln -s etc/nginx/sites-available/ etc/nginx/sites-enabled

#6. Restart the Nginx Service
$ sudo systemctl restart nginx

#7. Add the host file entry. Edit the file etc/hosts in nano editor
$ sudo nano etc/hosts

#8. Add the below line right below the localhost entry www. exampledomain .com

This is how you can create a website on Nginx.

Step 2. Create a CSR, submit the CSR to a Certificate Authority, and download the certificate with its private key.

Certificate Signing Request is the first step to get a Certificate for your website.
Create a CSR for the site with a private key. This command will create two files and
$ openssl req -new -newkey rsa:2048 -nodes -keyout -out

#2. Submit the content of the CSR to your internal or public
Certificate Authority to sign the certificate. Once the CA issues the certificate download it to etc/nginx/ssl/ directory on your Nginx server.
#3. Copy the to etc/nginx/ssl/ directory.
Note: You can skip this step if you have the certificate for your site.

Step 3. Configure the Nginx configuration file with the SSL/TLS certificate and private key.

This is the place where you need to link the certificate to your website. Edit the Nginx config file and point the certificate and its private key.

$ sudo nano etc/nginx/sites-available/

server {listen 80;listen 443 ssl;
root /var/www/;index index.html index.htm index.nginx.debian.html;
ssl_certificate etc/nginx/ssl/;
ssl_certificate_key etc/nginx/ssl/;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
location / {try_files $uri $uri/ =404;}}

Step 4. Restart the Nginx services.

Restart the Nginx service using this domain.

$ sudo systemctl restart nginx

Test the Nginx configuration.

$ sudo nginx -t

If you see a successful message. You can access the site over HTTPS secure channel.

This is how you can install SSL/TLS certificate on the Nginx web server and enable HTTPS communication on your website.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription