Prerequisites

Before you start, make sure you have:

  • Root or sudo access to your server
  • Nginx installed and running
  • Your SSL certificate files — usually a .crt and a .key file
  • A domain pointing to your server's IP
Don't have an SSL certificate yet? You can buy one from our store starting at $13.99/yr. After purchase you'll receive the certificate files by email within minutes (DV) or 1-3 days (OV/EV).

Step 1 — Upload Your Certificate Files

Upload your certificate and private key to your server. A common location is /etc/nginx/ssl/:

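# Create the SSL directory (on the server)
sudo mkdir -p /etc/nginx/ssl/yourdomain.com

# Upload via SCP from your local machine to your home directory
# (a non-root user cannot write to /etc/nginx/ssl/ directly)
scp yourdomain.crt yourdomain.key user@yourserver:~/

# On the server: move the files into place and make root the owner
sudo mv ~/yourdomain.crt ~/yourdomain.key /etc/nginx/ssl/yourdomain.com/
sudo chown root:root /etc/nginx/ssl/yourdomain.com/yourdomain.crt /etc/nginx/ssl/yourdomain.com/yourdomain.key

# Set correct permissions: the private key must be readable by root only
sudo chmod 600 /etc/nginx/ssl/yourdomain.com/yourdomain.key
sudo chmod 644 /etc/nginx/ssl/yourdomain.com/yourdomain.crt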
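
Bundle file: Some CAs provide a separate CA bundle file containing the intermediate certificates. If so, concatenate it with your certificate, keeping your own certificate first: cat yourdomain.crt ca-bundle.crt > yourdomain-bundle.crt. Then point ssl_certificate at the bundle file instead of yourdomain.crt.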

Step 2 — Configure Nginx

Edit your Nginx server block — usually found in /etc/nginx/sites-available/yourdomain.com:

server {
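    # On Nginx 1.25.1 and later the http2 parameter of listen is deprecated;
    # use "listen 443 ssl;" plus a separate "http2 on;" directive instead.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;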
    server_name yourdomain.com www.yourdomain.com;

    # Certificate files
    ssl_certificate     /etc/nginx/ssl/yourdomain.com/yourdomain.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com/yourdomain.key;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

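    # HSTS (optional but recommended). Browsers that receive this header refuse
    # plain HTTP for this host for max-age seconds (63072000 = 2 years), so
    # enable it only once HTTPS is confirmed working.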
    add_header Strict-Transport-Security "max-age=63072000" always;

    root /var/www/yourdomain.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

# HTTP → HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

Step 3 — Test and Reload Nginx

  1. Test the configuration
    sudo nginx -t

    You should see: syntax is ok and test is successful. If not, check the error message and fix your config.

  2. Reload Nginx
    sudo systemctl reload nginx

  3. Verify in browser

    Open https://yourdomain.com — you should see the padlock icon. Click it to confirm the certificate details are correct.

Step 4 — Verify Your SSL Installation

Use our free SSL Certificate Checker to verify your installation is correct, trusted by all browsers, and properly configured.

Common issues: If you see a warning after installing, check for mixed content (HTTP images/scripts on your HTTPS page), incorrect bundle file order, or wrong file permissions on the private key.
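
Two of the issues above (bundle file order and private key permissions) can be caught on the server before Nginx is reloaded. The script below is an added example, not part of the original guide; it assumes a Linux stat that supports -c and the openssl command-line tool, and its function names are illustrative.

```shell
#!/bin/sh
# Pre-reload checks for an Nginx certificate/key pair (added example).
# Assumes Linux stat (-c) and the openssl CLI; function names are illustrative.

# Succeed only if the key grants nothing to group or others (600, 400, ...).
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeed only if the FIRST certificate in the PEM file carries the public
# key that belongs to the private key. Nginx expects the server certificate
# first in a bundle, so a bundle with the CA certificates first fails here.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if the first certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks; a non-zero return means "do not reload yet".
preflight() {
    crt=$1; key=$2; rc=0
    key_perms_ok "$key" ||
        { echo "FAIL: $key is accessible to group/others or unreadable"; rc=1; }
    pair_matches "$crt" "$key" ||
        { echo "FAIL: first cert in $crt does not match $key"; rc=1; }
    valid_for_days "$crt" 30 ||
        echo "WARN: $crt expires within 30 days"
    return "$rc"
}

# Usage: sh check-cert.sh /path/to/cert-or-bundle.crt /path/to/private.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it as root (the key is readable by root only) against the same paths used in ssl_certificate and ssl_certificate_key, and continue to nginx -t only when it exits with status 0.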

Certificate Renewal

SSL certificates expire — DV certificates typically last 1 year. You'll receive reminder emails from MySSLPro at 90, 60, and 30 days before expiry. When renewing, repeat this process with the new certificate files.