Installing SSL (GoDaddy) on NGINX
A complete step-by-step SSL installation guide for achieving an A+ score for the SSL certificate installation on your server.
In the Mac terminal:
cmd 1: cd ~/.ssh
cmd 2: ls
cmd 3: mkdir -p yourdomain.com
cmd 4: cd yourdomain.com
Step 1: Create a server key
openssl genrsa -des3 -out yourdomain.com.key 2048
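Step 2: Run the command below to remove the passphrase from the key so that it can be loaded when needed without a prompt. The key file is then unencrypted on disk, so keep it readable only by its owner.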
openssl rsa -in yourdomain.com.key -out yourdomain.com.key
Step 3: Finally, I created a CSR file by running
openssl req -nodes -new -key yourdomain.com.key -out yourdomain.com.csr
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank.
For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) :
State or Province Name (full name) :
Locality Name (eg, city) :
Organization Name (eg, company) :Organisation name
Organizational Unit Name (eg, section) :
Common Name (eg, fully qualified host name) :yourdomain.com
PS: For wildcard SSL Certificates
Common Name (eg, fully qualified host name) : *.yourdomain.com
Email Address : mail address
Step 4: View the CSR file
Then, you need to copy and paste the whole block, including
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
into GoDaddy’s online form; otherwise the form returns an error message.
Download the SSL certificates from https://certs.godaddy.com/cert. For NGINX, you can choose Apache as the server type in the dropdown list.
After downloading, extract the zip file. You will find two files.
Rename these files:
a) Random name.crt => yourdomain.com.crt
b) gd_bundle-g2-g1.crt => intermediate.crt
Now we need to create the chained certificate. For that, run:
cat yourdomain.com.crt intermediate.crt > yourdomain.com.chained.crt
Now we need configure our,
I have attached a sample reference from the official NGINX documentation.
Configuring HTTPS servers
To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the…
- Download the intermediate certificate from your SSL authority, in our case GoDaddy.
- Run the command below in the terminal:
cat yourdomain.com.chained.crt gd_intermediate.crt > ocsp-chain.crt
Test OCSP stapling with the command below:
echo QUIT | openssl s_client -connect yourdomain.com:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'
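An NGINX server block that ties together the files built above (the chained certificate, the passphrase-free key and ocsp-chain.crt), as an added example that is not the author's configuration or taken from the NGINX documentation. The /etc/nginx/ssl/ directory, the resolver addresses, the protocol list and the HSTS lifetime are assumptions.

```nginx
# Added example. /etc/nginx/ssl/ is an assumed location for the files created in this guide.
server {
    listen 80;
    server_name yourdomain.com;
    # Send plain-HTTP visitors to the HTTPS site.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain.com;

    # Leaf certificate first, then the GoDaddy intermediates (the chained file).
    ssl_certificate     /etc/nginx/ssl/yourdomain.com.chained.crt;
    # Passphrase-free key from Step 2; it should be readable by its owner only.
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;

    # Assumed protocol policy: SSLv3, TLS 1.0 and TLS 1.1 stay disabled.
    # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # OCSP stapling: nginx fetches the OCSP response and sends it in the handshake.
    ssl_stapling        on;
    ssl_stapling_verify on;
    # CA chain nginx uses to verify the stapled response (the ocsp-chain.crt file).
    ssl_trusted_certificate /etc/nginx/ssl/ocsp-chain.crt;
    # nginx needs a resolver to look up the OCSP responder host; addresses are assumed.
    resolver 1.1.1.1 8.8.8.8 valid=300s;
    resolver_timeout 5s;

    # HSTS with a long max-age (assumed value: one year), needed for an SSL Labs A+ grade.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

Check the syntax with nginx -t before reloading. The first handshake after a reload may carry no stapled response, because nginx fetches it lazily, so repeat the OCSP test command once or twice.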
Ref: from a dear Medium friend,
How to properly configure your nginx for TLS
It’s quite easy to get nginx configured to use TLS. It’s a little bit more difficult to configure it to do it properly…
Recommended SSL Checkers: