Yeah, you’re here because you want to know how to install a wildcard SSL certificate on your NGINX server. You’re not the first person to ask, nor are you likely to be the last. After all, NGINX is one of the most popular servers in use, and wildcard SSL certificates are great because they help you secure one domain and all of its first-level sub-domains. Add this together, and it means that sometimes people install wildcard SSL certificates on NGINX.
So, yes, if you’re one of those people, then we wrote this article for you. If you’re not one of those people, you still may learn a thing or two anyhow, so be sure to stick around. We’ve also written many other quick SSL installation guides to serve as resources.
Here’s what you need to know about setting up wildcard SSL for NGINX.
How to Install Wildcard SSL Certificate on NGINX in 6 Steps
Before you can install a wildcard SSL certificate on NGINX, you first need to have a certificate to install. Pretty standard stuff, right? Right. So, if you haven’t already purchased one, we happen to sell wildcard SSL certificates — a lot of them, in fact, because we sell them at the cheapest possible rates.
Purchase Wildcard SSL Certificates & Save Up to 80%
We offer the best discount on all types of Wildcard SSL Certificates from brands like Comodo CA, Sectigo, Thawte, RapidSSL, and Symantec.
Now that that’s out of the way, let’s move on to how to generate a wildcard certificate signing request (CSR) on NGINX:
- Connect to your server via SSH using a privileged account such as a root.
- Enter the following snippet of code:
openssl req –new –newkey rsa:2048 –nodes –keyout (server).key –out (server).csr
- Enter your information in the given fields and make sure it’s accurate — any mistake will require you to generate a new CSR.
- When you’ve completed entering the information, the server will generate and store both the CSR and the private key.
- Open the CSR using:
- Copy its contents and save it to a txt file, then send it to the CA.
Sweet. When that’s all done, the CA will perform validation and issue the certificate. Now, it’s time to install your NGINX wildcard certificate.
Your Step-By-Step Guide for How to Install Wildcard SSL for NGINX
- Connect to the server using SSH again. Same privileged account.
- Copy all the files in the certificate package the CA sent you and put them in the appropriate directories.
- Use the following code to concatenate your leaf certificate and any intermediates:
a. crt COMODORSADomainValidationSecureServerCA.crt >> bundle.crt
- Next, we’ll need to edit your virtual host files to reroute connections through port 443, the HTTPS port. Use this code:
a. listen 443;
- You’ll also need to add the following snippet:
a. ssl on;
b. ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
c. ssl_certificate_key /etc/ssl/your_domain_name.key;
- Restart NGINX.
Congratulations, you’ve just installed a wildcard SSL certificate on NGINX. What if you need to install a wildcard SSL certificate on multiple servers? No worries. We’ve got your step-by-step directions for that as well.