  1. Issuing CSR / private key for new certificate:
    Let's first create a directory to store certificate requests and private keys:

    Code Block
    mkdir /etc/ssl/certificates
    cd /etc/ssl/certificates/

    Next, we'll issue a CSR for the new host. You will be prompted with a series of questions; answer them (when asked about a passphrase, you can leave it blank):

    Code Block
    openssl req -new -newkey rsa:2048 -nodes -keyout yourbrand.com.key -out yourbrand.com.csr


  2. Issue SSL certificate
    Submit the generated CSR to your SSL certificate reseller to have the certificate issued. Once it is ready, paste its contents into:

    Code Block
    /etc/ssl/certificates/yourbrand.com.crt


    Place your site certificate at the top of that file, followed by the intermediate certificate (if any).

  3. Adding new vhost (server block) to nginx:

    Make a copy of the /etc/nginx/conf.d/main.conf file:

    Code Block
    cp /etc/nginx/conf.d/main.conf /etc/nginx/conf.d/yourbrand.com.conf

    Update the ssl_certificate* and server_name directives in the /etc/nginx/conf.d/yourbrand.com.conf file:

    Code Block
    Contents of /etc/nginx/conf.d/yourbrand.com.conf
    include /etc/nginx/upstreams/*.conf;
    
    server {
        listen 80;
        server_tokens off;
        return 301 https://$host$request_uri;
    
    }
    
    server {
        listen 443 ssl;
        server_name yourbrand.com www.yourbrand.com;
        server_tokens off;
    
        charset                     utf-8;
        sendfile                    on;
        tcp_nopush                  on;
        tcp_nodelay                 off;
        reset_timedout_connection   on;
    
        location ~* ^.+\.(jpg|gif|png|css|js|swf|ico)$ {
            access_log      off;
            log_not_found   off;
            expires         1y;
        }
    
        include /etc/nginx/ssl.conf;
        include /etc/nginx/locations/*.conf;
    
        ssl_certificate /etc/ssl/certificates/yourbrand.com.crt;
        ssl_certificate_key /etc/ssl/certificates/yourbrand.com.key;
    }
        


  4. Reload nginx to apply the new server block and SSL certificate:

    Code Block
    systemctl reload nginx
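
Before the reload in step 4, it is worth confirming that the private key, the CSR and the first certificate in the .crt file all carry the same public key, which also catches an intermediate pasted above the site certificate. The script below is an added example, not part of the original guide; the function names are hypothetical and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not part of the original guide). File names follow the
# guide's layout; the function names are made up for this sketch.

# Each helper prints the file's public key in PEM form, or fails if the
# file is missing or cannot be parsed.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub() { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
# "openssl x509" parses only the FIRST certificate in the file. nginx pairs
# that same first certificate with ssl_certificate_key, so this doubles as a
# check that the site certificate sits above any intermediate.
crt_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_tls_files KEY CRT [CSR]
# Returns 0 when everything matches, 1 on a mismatch or an expiring
# certificate, 2 when a file cannot be read.
check_tls_files() {
    key=$1 crt=$2 csr=${3:-}
    k=$(key_pub "$key") || { echo "cannot read private key: $key" >&2; return 2; }
    c=$(crt_pub "$crt") || { echo "cannot read certificate: $crt" >&2; return 2; }
    if [ "$k" != "$c" ]; then
        echo "first certificate in $crt does not match $key" >&2
        echo "(wrong file, or an intermediate is above the site certificate)" >&2
        return 1
    fi
    if [ -n "$csr" ]; then
        r=$(csr_pub "$csr") || { echo "cannot read CSR: $csr" >&2; return 2; }
        [ "$r" = "$k" ] || { echo "$csr was not generated from $key" >&2; return 1; }
    fi
    # The certificate must still be valid 24 hours from now.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null || {
        echo "certificate in $crt is expired or expires within 24h" >&2
        return 1
    }
    return 0
}

# Typical use on the server, before step 4 (nginx -t tests the configuration
# without applying it):
#   cd /etc/ssl/certificates
#   check_tls_files yourbrand.com.key yourbrand.com.crt yourbrand.com.csr \
#       && nginx -t && systemctl reload nginx
```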