Nginx is the fastest webserver when compared to Apache. In this post, we are gonna explain on how to secure your website using SSL certificate on ubuntu 16.04.


  1. Ubuntu 16.04
  2. Nginx webserver. If nginx is not installed, please follow the post to install nginx
  3. You must have private key, certificate and intermediate CA(If a CSR is generated on your server then private key must have stored on the same machine)

Install SSL Certificate.

This post assumes that nginx is installed on /etc/nginx directory. If nginx is installed on different directory then you may need to slightly adjust the commands which we are using. However, the process remains same.

Let’s create a directory to store SSL certificate. We are creating the directory on /etc/nginx/ssl.

mkdir /etc/nginx/ssl

Copy the private key to /etc/nginx/ssl directory.

cp /location/domain.tld.key /etc/nginx/ssl

Copy the certificate, intermediate CA to server using winscp or ftp or anyother way to the server. In our example, we copied SSL ceritifcate to /usr/local/src using filezilla

Integrate certificate and intermediate CA into single pem file using the below command.

cd /usr/local/src

cat domain.tld.crt > /etc/nginx/ssl/domain.tld.pem

Open nginx configuration and append the following line after ssl_prefer_server_ciphers on;

vi /etc/nginx/nginx.conf


Open site configuration file and append the following lines. Assuming that there is one domain hosted on the server and the default configuration is /etc/nginx/sites-enabled/default.  If there are multiple domains then we need to append the below lines on the corresponding domain configuration.

Ideally, the location of most of domain configuration will be on /etc/nginx/sites-enabled. If the installation path is different then you need to select appropriate path.

vi /etc/nginx/sites-enabled/default

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

root /var/www/html

ssl_certificate /etc/nginx/ssl/domain.tld.pem;
ssl_certificate_key /etc/nginx/ssl/domain.tld.key;

index index.php index.html index.htm

server_name  _;

location / {
try_files $uri $uri/ /index.php?$args;


This is a minimum configuration which are required to install SSL certificate.

Check for any nginx syntax error.

nginx -t

Once we confirm everything looks good, restart nginx service.

systemctl restart nginx


Use thirdparty websites to verify the SSL certificates.



Leave a Reply