How to Install SSL Certificate to a WordPress Site Hosted on Nginx Server?

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Install SSL on WordPress with Nginx

Do you want to secure your WP site hosted on an Nginx server using an SSL cert but aren’t aware of the know-how? If that’s the issue with you, don’t – fret! As you have landed on the right article.

In this article, we will explore – “How to install SSL cert on a WordPress site hosted on Nginx Server?”

As you might know, to secure your WP site hosted on an Nginx server, the first and foremost thing that you must have is an SSL cert.

Also Read: How to Install SSL Certificate in NGINX Server?

So, now the question that arises here is: How do you obtain one? The answer is straightforward. To get an SSL cert, you need to submit a CSR for authentication (verification) to a trusted Certificate Authority like – Comodo, Certera, Sectigo, DigiCert etc.

How to Install SSL Cert to a WP Site hosted on a Nginx Server?

Follow the steps to install an SSL cert on the WP site hosted on Nginx Server:

Step 1: Upload Certificate

Once the CSR has been successfully validated, it will be sent to you on your registered mail ID in the form of a .zip folder. Once received, open it and extract all the files, such as:

  • .crt file
  • .ca-bundle file

Once extracted, upload the certificate files on the Nginx server by using your login credentials. 

Step 2: Combine Certificates

In this step, you need to copy all the content of your .crt file and .ca-bundle file and paste it into a single file (final.crt). The content of the .crt file should be pasted firs, and then the content of the .ca-budle file should be pasted in the final certificate file (final.crt file).

Once done, submit the file (directory) where you desire the file to be uploaded. After doing so, run any one of the commands mentioned below:

  • $ cat your_domain_name.crt >> your_domain_name_chain.crt
  • $ cat your_domain_name.crt > your_domain_name_chain.crt ; echo >> your_domain_name_chain.crt ; cat >> your_domain_name_chain.crt

Step 3: Modify Nginx Configuration

In this step, you need to modify the Nginx server configuration, or you can simply create an Nginx block separately. There are two methods to do so. Choose any one that suits you:

  • Make the new Nginx config file
  • Edit the current Nginx config file

Let’s explore both methods.

Method 1: Make the new Nginx config file

If you are opting for this method, you can be assured of one thing – There will be no issues with the configuration file, which may exist in the current or existing configuration file. 

After creating a new configuration file, make sure that you add it to the /etc/nginx/conf.d folder. If you are unable to find the folder, you can also use the command mentioned below to do the needful:

sudo nano /etc/nginx/conf.d/Domain_name_final*-ssl.conf 

After creating the Nginx configuration file, copy and paste the server blocks for the 443 port and edit the directories. Verify that the server name and path to Webroot matches in both server block ports—443 and 80. 

Method 2: Edit the Current Nginx Config File

If you want to use this method, then you need to edit the nginx.conf (default configuration file of Nginx web server). The nginx.conf file can be found in any of these locations:

  • /etc/nginx
  • /usr/local/etc/nginx
  • /usr/local/nginx/conf

In case you are not able to find the nginx.conf file, use the command mentioned below to do the same:

sudo find / -type f -iname “nginx.conf”

After finding the nginx.conf file, open it using the sudo nano nginx.conf command. Once opened, copy & paste server blocks for port 443. After that, edit directories as per your server block for port 80. 

Recommended: Port 80 (HTTP) vs. Port 443 (HTTPS): Difference

Also, make sure that the server name, necessary values, and webroot path all match. And for port 80, you can duplicate the server block, paste it below, modify the port, and include the necessary SSL directives.

Step 4: Choose the Appropriate Server Block 

Now, you need to select the server block depending on the Nginx version. 

Use the below mentioned server block for Nginx version 1.14 and down:

server {
listen 443;
ssl on;
ssl_certificate /path/to/certificate/your_domain_chain.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;

Use the below mentioned server block for Nginx version 1.15 and up:

server { 
listen 443 ssl; 
ssl_certificate /path/to/certificate/your_domain_name_chain.crt;
ssl_certificate_key /path/to/your_private.key; 
root /path/to/webroot; 

Ensure that ssl_certificate points toward the private key and the file containing the combined certificates you created before.

Step 5: Verify Configuration

In this step, you need to verify syntax correctness and troubleshoot any errors.

To verify the syntax of the configuration file, use the command mentioned below:

sudo nginx –t

To find the error logs for troubleshooting, use the command mentioned below:

sudo nginx -T | grep ‘error_log’

You can use the tail /var/log/nginx/error.log -n 20

command to check the default system log, in cases such as: 

  • The named file does not exist
  • Non-error files are mentioned, 
  • Files are commented out

Use the below mentioned command if the test is successful and restart the Nginx server:

sudo nginx -s reload

Kudos!! You have successfully installed an SSL cert to a WP site hosted on Nginx Server. 

Test The Installation

All that’s left is to test the installation using diagnostic tools such as:

  • SSL Checker or SSL Labs
  • SSL/TLS Capabilities of Your Browser, etc.

Doing so will provide prompt assessments and in-depth analysis of your SSL certificate’s condition. 

You Might Interested: How to Install a Wildcard SSL Certificate on NGINX Server?

Cheapest SSL/TLS Certificates starts at just $3.99 Per Year

~ Browse the Catalog
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.

Cheap Wildcard SSL