A Quick and Easy Guide on How to Install an SSL Certificate on Nginx Server & Redirect Your WordPress Site From HTTP to HTTPS
Installing an SSL/TLS certificate into your WordPress website hosted on the Nginx server ensures a secure connection between the WordPress website hosted on the Nginx server and the user’s web browser. It secures the data transmission by encrypting it. So, no one can see what information is transmitted except the intended recipient.
Likewise, if your WordPress website is hosted on the Nginx server and you’re not aware of how to install it, keep reading further. Here, we’ll give instructions on how you can install an SSL certificate into a WordPress website that’s hosted on the Nginx server.
But, before we move on to the steps of installing an SSL certificate into your WordPress site, make sure you’ve got these prerequisites:
- A server certificate issued by a respected CA (Certificate Authority) such as Sectigo.
- Intermediate certificates
- Private Key for your WordPress website
- Nginx server installed on your system
- A user account
Quick Steps on How to Install an SSL/TLS Certificate in Your WordPress Site That is Hosted on the Nginx Server
Below are the steps to install an SSL certificate on your Nginx server hosted WordPress website:
Upload the SSL/TLS Certificate on the Nginx Server Where Your Site is Hosted
Once you complete the step of generating a CSR code and activate your SSL/TLS certificate, you’ll get your SSL/TLS certificate issued by the CA to the email address you used at the time of purchasing the SSL certificate.
Note:
Suppose you have selected the NGINX server at the time of activating the certificate. In that case, you’ll receive a zip file containing the certificate file with the ‘.crt’ extension and CA (Certificate Authority) bundle file with the extension ‘.ca-bundle’.
After receiving your new SSL/TLS certificate, you will then next upload it to the server. Other than the email, you can also download a ‘.crt’ and ‘.ca-bundle’ file from the account you created on your certificate provider’s website.
Combine All the Received Certificates Within a Single File
You’ll need to combine all the received certificates, i.e., your_domain_name.crt and your_domain_name.ca-bundle file, within a single ‘.crt’ file.
Likewise, the certificate for your domain should first be inside the file, followed by the CA Bundle files (also called the chain of certificates).
Submit the directory where you would like to upload these certificate files. And then run the below-mentioned command:
$ cat your_domain_name.crt your_domain_name.ca-bundle >> your_domain_name_chain.crt
Another alternative command different from the one above that you can run:
$ cat your_domain_name.crt > your_domain_name_chain.crt ; echo >> your_domain_name_chain.crt ; cat your_domain_name.ca-bundle >> your_domain_name_chain.crt
Modify Existing Nginx Configuration File or Create Nginx Server Block Separately
For installing an SSL/TLS certificate into your WordPress website that is hosted on the Nginx server, you’ll have to tell the server the file you’ll use. And, you can do that in two different ways:
- Edit the existing Nginx configuration file
- Create the new Nginx configuration file
Edit the Existing Nginx Configuration File
You’ll need to edit the default configuration file of your Nginx web server named nginx.conf, which you can find within one of the below-mentioned folders:
- /usr/local/nginx/conf
- /etc/nginx
- /usr/local/etc/nginx
Or else you can even use the command for finding nginx.conf file:
sudo find / -type f -iname “nginx.conf”
And, once you find the default nginx.conf file, open it using the below-mentioned command:
sudo nano nginx.conf
Now, copy and paste one of the server blocks for port 443 and edit directories according to your server block for port 80. Furthermore, it should be with the matching server name, any important values you require, and path toward the webroot. Also, for port 80, you can copy the server block, paste it below, update the port, and add the required SSL directives.
Create the New Nginx Configuration File
By creating a new Nginx configuration file, you can assure yourself that there aren’t any issues with the separately created configuration file. For instance, it’ll be easier to troubleshoot the installation issue that may occur with a new configuration file.
However, when you create the new configuration file, make sure you’re adding the file within this folder:
/etc/nginx/conf.d
You can even do it using this command prompt:
sudo nano /etc/nginx/conf.d/Your_domain_name_example*-ssl.conf
Here Your_domain_name_example*-ssl.conf is the newly created Nginx configuration file.
Once the Nginx configuration file is created, copy and paste the sever blocks for port 443 and edit the directories. Be sure that the path to webroot and server name matches in both the server block port 443 and port 80. Also, if you have any other values that need to be saved, you can move them to the new server block.
Selecting the Server Block
Below is the server block you can select depending on your Nginx server version:
Server Block for Nginx Server Version 1.14 & Below
server {
listen 443;
ssl on;
ssl_certificate /path/to/certificate/your_domain_chain.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain.com;
}
You can also specify more than one hostname with such configuration. For example:
server {
listen 443;
ssl on;
ssl_certificate /path/to/certificate/your_domain_name_chain.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain_name.com www.your_domain_name.com;
}
Server Block for Nginx Server Version 1.15 & Above
server {
listen 443 ssl;
ssl_certificate /path/to/certificate/your_domain_name_chain.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain_name.com;
}
Please make note of that:
- ssl_certificate should be pointing toward the file that contains the combined certificates you created earlier.
- ssl_certificate_key should be pointing toward the Private Key.
Another Note:
For a Wildcard or Multi-Domain SSL certificate, you’ll need to have a separate block added for every sub-domain or domain that you include within the certificate. So, you should make sure that domain and sub-domain, along with the paths toward the same certificate file in the server block, are mentioned earlier.
And, once you add the respective server block in the file, make sure you have saved the edits. Likewise, if you want, you can even verify the changes you made by the below steps:
For verifying if the syntax of the configuration file is correct:
sudo nginx –t
And, if you’re facing an error, then follow the below command to find the error logs for troubleshooting:
sudo nginx -T | grep ‘error_log’
Also, if the named file doesn’t exist, files are commented out, or else non-error files are specified, then you need to check the default system log:
tail /var/log/nginx/error.log -n 20
On the other hand, if the server displays that the test is successful, then restart your Nginx server with the below command:
sudo nginx -s reload
And, once the SSL certificate is installed, you can verify it using the tool SSL Checker. So, you can make sure that the SSL certificate is installed correctly.
Configuring HTTP to HTTPS Redirect
Once you install the SSL certificate successfully on your Nginx hosted WordPress website, it’s recommended that you force HTTPS redirection. Because, even after the installation of an SSL certificate, your website may load using an insecure HTTP connection if it’s not redirected to HTTPS.
For redirecting your WordPress site to a HTTPS connection, you’ll also need to add one line of command into the Nginx configuration file with the server block for port 80.
Below are examples of server block with HTTPS redirection:
Permanently Redirecting HTTP to HTTPS
server {
listen 80;
server_name your_domain_name.com www.your_domain_name.com;
return 301 https://$server_name$request_uri;
}
Permanently Redirecting HTTP to HTTPS for a Non-WWW Domain
server {
listen 80;
server_name your_domain_name.com www.your_domain_name.com;
return 301 https://your_domain_name.com$request_uri;
}
Permanently Redirecting HTTP to HTTPS – The WWW Version
server {
listen 80;
server_name your_domain_name.com www.your_domain_name.com;
return 301 https://www.your_domain_name.com$request_uri;
}
Temporary Redirection to a Non – WWW HTTPS Version
server {
listen 80;
server_name your_domain_name.com www.your_domain_name.com;
return 302 https://your_domain_name.com$request_uri;
}
Wrapping Up
If you’ve followed the steps detailed above correctly, you’ll be in good shape and have your SSL certificate installed in your WordPress website that is hosted on the Nginx server. Likewise, if you have more than one Nginx server running, it’s recommended that you install an SSL certificate on each of the Nginx servers separately.
We hope this article was helpful. Lastly, we also mentioned the HTTP to HTTPS redirection after SSL installation. For example, what command you are supposed to follow if the website is non-www and what command to follow if it’s the www version? We hope this was all clear. We also have a support team available 24/7 365 if you need help. There are available via ticket or email.
It truly is vital you get an SSL certificate from a respected CA, like FastSSL or something similar. This way, you get expert help and other benefits, like an SSL warranty to fall back on if you run into any trouble. Good luck!
WordPress SSL Certificates
Protect your WordPress website in minutes with WordPress SSL Certificate. It includes 256 bit encryption, $10K-$50K warranties, daily WordPress scanner, site seal and more.