Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Issuing CSR / private key for new certificate:
    Lets first create dir to store certificate requests and private keys. Login to your HostBill server using ssh and issue following commands:

    Code Block
    mkdir /etc/ssl/certificates
    cd /etc/ssl/certificates/

    Next, we'll issue CSR for new host, you will be prompted with a series of questions, answer them (when asked about passphrase you can leave it blank):

    Code Block
    openssl req -new -newkey rsa:2048 -nodes -keyout yourbrand.com.key -out youtbrand.com.csr


  2. Issue SSL certificate
    Use generated CSR with your SSL Certificates reseller to generate certificate. Once ready, paste its contents to:

    Code Block
    /etc/ssl/certificates/yourbrand.com.crt


    Placing your site certificate at top of said file, followed by Intermediate certificate (if any)

  3. Adding new vhost (server block) to nginx:

    Make a copy /etc/nginx/conf.d/main.conf file:

    Code Block
    cp /etc/nginx/conf.d/main.conf /etc/nginx/conf.d/yourbrand.com.conf

    Update ssl_certificate* and server_name blocks in /etc/nginx/conf.d/yourbrand.com.conf file:

    Code Block
    titleContents of /etc/nginx/conf.d/yourbrand.com.conf
    include /etc/nginx/upstreams/*.conf;
    
    server {
        listen 80;
        server_tokens off;
        return 301 https://$host$request_uri;
    
    }
    
    server {
        listen 443 ssl;
        server_name yourbrand.com www.yourbrand.com;
        server_tokens off;
    
        charset                     utf-8;
        sendfile                    on;
        tcp_nopush                  on;
        tcp_nodelay                 off;
        reset_timedout_connection   on;
    
        location ~* ^.+\.(jpg|gif|png|css|js|swf|ico)$ {
            access_log      off;
            log_not_found   off;
            expires         1y;
        }
    
        include /etc/nginx/ssl.conf;
        include /etc/nginx/locations/*.conf;
    
        ssl_certificate /etc/ssl/certificates/yourbrand.com.crt;
        ssl_certificate_key /etc/ssl/certificates/yourbrand.com.key;
    }
        


  4. Reload nginx to apply new site block + ssl certificate:

    Code Block
    systemctl reload nginx