How to Install an SSL Certificate to WordPress Site Hosted on Nginx Server

1 Star2 Stars3 Stars4 Stars5 Stars (14 votes, average: 43.57 out of 5)
Loading...

A Quick and Easy Guide on How to Install an SSL Certificate on Nginx Server & Redirect Your WordPress Site From HTTP to HTTPS

Installing an SSL/TLS certificate into your WordPress website hosted on the Nginx server ensures a secure connection between the WordPress website hosted on the Nginx server and the user’s web browser. It secures the data transmission by encrypting it. So, no one can see what information is transmitted except the intended recipient.

install ssl in wordpress hosted on nginx server

Likewise, if your WordPress website is hosted on the Nginx server and you’re not aware of how to install it, keep reading further. Here, we’ll give instructions on how you can install an SSL certificate into a WordPress website that’s hosted on the Nginx server.

But, before we move on to the steps of installing an SSL certificate into your WordPress site, make sure you’ve got these prerequisites:

  • A server certificate issued by a respected CA (Certificate Authority) such as Sectigo.
  • Intermediate certificates
  • Private Key for your WordPress website
  • Nginx server installed on your system
  • A user account

Quick Steps on How to Install an SSL/TLS Certificate in Your WordPress Site That is Hosted on the Nginx Server

Below are the steps to install an SSL certificate on your Nginx server hosted WordPress website:

Upload the SSL/TLS Certificate on the Nginx Server Where Your Site is Hosted

Once you complete the step of generating a CSR code and activate your SSL/TLS certificate, you’ll get your SSL/TLS certificate issued by the CA to the email address you used at the time of purchasing the SSL certificate.

Note:

Suppose you have selected the NGINX server at the time of activating the certificate. In that case, you’ll receive a zip file containing the certificate file with the ‘.crt’ extension and CA (Certificate Authority) bundle file with the extension ‘.ca-bundle’.

After receiving your new SSL/TLS certificate, you will then next upload it to the server. Other than the email, you can also download a ‘.crt’ and ‘.ca-bundle’ file from the account you created on your certificate provider’s website.

Combine All the Received Certificates Within a Single File

You’ll need to combine all the received certificates, i.e., your_domain_name.crt and your_domain_name.ca-bundle file, within a single ‘.crt’ file.

Likewise, the certificate for your domain should first be inside the file, followed by the CA Bundle files (also called the chain of certificates).

Submit the directory where you would like to upload these certificate files. And then run the below-mentioned command:

$ cat your_domain_name.crt your_domain_name.ca-bundle >> your_domain_name_chain.crt

Another alternative command different from the one  above that you can run:

$ cat your_domain_name.crt > your_domain_name_chain.crt ; echo >> your_domain_name_chain.crt ; cat your_domain_name.ca-bundle >> your_domain_name_chain.crt

Modify Existing Nginx Configuration File or Create Nginx Server Block Separately

For installing an SSL/TLS certificate into your WordPress website that is hosted on the Nginx server, you’ll have to tell the server the file you’ll use. And, you can do that in two different ways:

  • Edit the existing Nginx configuration file
  • Create the new Nginx configuration file

Edit the Existing Nginx Configuration File

You’ll need to edit the default configuration file of your Nginx web server named nginx.conf, which you can find within one of the below-mentioned folders:

  • /usr/local/nginx/conf
  • /etc/nginx
  • /usr/local/etc/nginx

Or else you can even use the command for finding nginx.conf file:

sudo find / -type f -iname “nginx.conf”

And, once you find the default nginx.conf file, open it using the below-mentioned command:

sudo nano nginx.conf

Now, copy and paste one of the server blocks for port 443 and edit directories according to your server block for port 80. Furthermore, it should be with the matching server name, any important values you require, and path toward the webroot. Also, for port 80, you can copy the server block, paste it below, update the port, and add the required SSL directives.

Create the New Nginx Configuration File

By creating a new Nginx configuration file, you can assure yourself that there aren’t any issues with the separately created configuration file. For instance, it’ll be easier to troubleshoot the installation issue that may occur with a new configuration file.

However, when you create the new configuration file, make sure you’re adding the file within this folder:

/etc/nginx/conf.d

You can even do it using this command prompt:

sudo nano /etc/nginx/conf.d/Your_domain_name_example*-ssl.conf

Here Your_domain_name_example*-ssl.conf is the newly created Nginx configuration file.

Once the Nginx configuration file is created, copy and paste the sever blocks for port 443 and edit the directories. Be sure that the path to webroot and server name matches in both the server block port 443 and port 80. Also, if you have any other values that need to be saved, you can move them to the new server block.

Selecting the Server Block

Below is the server block you can select depending on your Nginx server version:

Server Block for Nginx Server Version 1.14 & Below

server {

listen 443;

ssl on;

ssl_certificate /path/to/certificate/your_domain_chain.crt;

ssl_certificate_key /path/to/your_private.key;

root /path/to/webroot;

server_name your_domain.com;

}

You can also specify more than one hostname with such configuration. For example:

server {

listen 443; 

ssl on; 

ssl_certificate /path/to/certificate/your_domain_name_chain.crt; 

ssl_certificate_key /path/to/your_private.key; 

root /path/to/webroot; 

server_name your_domain_name.com www.your_domain_name.com;

}

Server Block for Nginx Server Version 1.15 & Above

server { 

listen 443 ssl; 

ssl_certificate /path/to/certificate/your_domain_name_chain.crt; 

ssl_certificate_key /path/to/your_private.key; 

root /path/to/webroot; 

server_name your_domain_name.com; 

}

Please make note of that:

  • ssl_certificate should be pointing toward the file that contains the combined certificates you created earlier.
  • ssl_certificate_key should be pointing toward the Private Key.

Another Note:

For a Wildcard or Multi-Domain SSL certificate, you’ll need to have a separate block added for every sub-domain or domain that you include within the certificate. So, you should make sure that domain and sub-domain, along with the paths toward the same certificate file in the server block, are mentioned earlier.

And, once you add the respective server block in the file, make sure you have saved the edits. Likewise, if you want, you can even verify the changes you made by the below steps:

For verifying if the syntax of the configuration file is correct:

sudo nginx –t

sudo nginx t code
And, if you’re facing an error, then follow the below command to find the error logs for troubleshooting:

sudo nginx -T | grep ‘error_log’

Also, if the named file doesn’t exist, files are commented out, or else non-error files are specified, then you need to check the default system log:

tail /var/log/nginx/error.log -n 20

On the other hand, if the server displays that the test is successful, then restart your Nginx server with the below command:

sudo nginx -s reload

And, once the SSL certificate is installed, you can verify it using the tool SSL Checker. So, you can make sure that the SSL certificate is installed correctly.

Configuring HTTP to HTTPS Redirect

Once you install the SSL certificate successfully on your Nginx hosted WordPress website, it’s recommended that you force HTTPS redirection. Because, even after the installation of an SSL certificate, your website may load using an insecure HTTP connection if it’s not redirected to HTTPS.

For redirecting your WordPress site to a HTTPS connection, you’ll also need to add one line of command into the Nginx configuration file with the server block for port 80.

Below are examples of server block with HTTPS redirection:

Permanently Redirecting HTTP to HTTPS

server { 

listen 80; 

server_name your_domain_name.com www.your_domain_name.com; 

return 301 https://$server_name$request_uri;

}

Permanently Redirecting HTTP to HTTPS for a Non-WWW Domain

server {

listen 80; 

server_name your_domain_name.com www.your_domain_name.com; 

return 301 https://your_domain_name.com$request_uri;

}

Permanently Redirecting HTTP to HTTPS – The WWW Version

server { 

listen 80; 

server_name your_domain_name.com www.your_domain_name.com; 

return 301 https://www.your_domain_name.com$request_uri; 

}

Temporary Redirection to a Non – WWW HTTPS Version

server { 

listen 80; 

server_name your_domain_name.com www.your_domain_name.com; 

return 302 https://your_domain_name.com$request_uri; 

}

Wrapping Up

If you’ve followed the steps detailed above correctly, you’ll be in good shape and have your SSL certificate installed in your WordPress website that is hosted on the Nginx server. Likewise, if you have more than one Nginx server running, it’s recommended that you install an SSL certificate on each of the Nginx servers separately.

We hope this article was helpful. Lastly, we also mentioned the HTTP to HTTPS redirection after SSL installation. For example, what command you are supposed to follow if the website is non-www and what command to follow if it’s the www version? We hope this was all clear. We also have a support team available 24/7 365 if you need help. There are available via ticket or email.

It truly is vital you get an SSL certificate from a respected CA, like FastSSL or something similar. This way, you get expert help and other benefits, like an SSL warranty to fall back on if you run into any trouble. Good luck!

WordPress SSL Certificates

Protect your WordPress website in minutes with WordPress SSL Certificate. It includes 256 bit encryption, $10K-$50K warranties, daily WordPress scanner, site seal and more.

Buy WordPress SSL Certificates