Adding an SSL wildcard certificate to an Ubuntu server involves several steps. A wildcard certificate can secure subdomains of a domain with a single certificate. Here's a general outline of the process:
I'll be using an existing wildcard certificate.
sudo apt update && sudo apt upgrade -y
Copy the certificate
sudo cp /etc/letsencrypt/live/your_domain/fullchain.pem /etc/ssl/certs/your_domain.crt
sudo cp /etc/letsencrypt/live/your_domain/privkey.pem /etc/ssl/private/your_domain.key
Add the certificate and the corresponding key file at the following locations, which the Nginx configuration references:
ssl_certificate /etc/ssl/certs/{certificate-name}.crt;
ssl_certificate_key /etc/ssl/private/{certificate-key-name}.key;
Create an Nginx Configuration File
Create an Nginx server block configuration file for your domain. You can create a new configuration file in the /etc/nginx/sites-available/ directory.
sudo nano /etc/nginx/sites-available/example.com
Here's a basic Nginx configuration for a website:
server {
    listen 80;
    server_name example.com www.example.com;
    location / {
        # Your regular server configuration
    }
}
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        # Your SSL-specific configuration
    }
}
The actual Nginx configuration file was:
proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;
proxy_temp_path /tmp/nginx_proxy 1 2;
server {
    client_max_body_size 100M;
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/{certificate-name}.crt;
    ssl_certificate_key /etc/ssl/private/{certificate-key-name}.key;
    # Redirect non-https traffic to https. With only "listen 443 ssl" in this
    # block, $scheme is always "https", so this applies only once a plain-HTTP
    # listen (e.g. port 80) is added to the block.
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $host;
        proxy_cache cache;
        # Requests carrying the auth_tkt cookie bypass the cache and are not stored in it
        proxy_cache_bypass $cookie_auth_tkt;
        proxy_no_cache $cookie_auth_tkt;
        proxy_cache_valid 30m;
        proxy_cache_key $host$scheme$proxy_host$request_uri;
        # In an emergency, uncomment the next line to force caching
        # proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
Create a Symbolic Link
Create a symbolic link to enable the configuration by running the following command:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Test Nginx Configuration
Run the following command to check the syntax of your Nginx configuration:
sudo nginx -t
If the configuration test is successful, you can proceed. A successful response will be:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart Nginx
Restart Nginx to apply the changes:
sudo systemctl restart nginx
Testing
Test your SSL configuration by accessing your website via HTTPS. Make sure there are no errors.
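The script below is an added example, not part of the original post. It checks the certificate and key files that Nginx was pointed at: the key matches the certificate, the key file is closed to other users, the certificate is not close to expiry, and each hostname you serve is really covered by it. The function names and the 30-day threshold are assumptions, and it expects GNU stat and OpenSSL 1.1.1 or later.

```sh
# Added example, not from the original page. Usage: sh preflight.sh CERT KEY HOST...

# True if the private key belongs to the leaf certificate (public keys are equal).
key_matches_cert() {  # CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True if the key file grants nothing to "other" users (octal mode ends in 0).
key_is_private() { case $(stat -c '%a' "$1") in *0) return 0 ;; *) return 1 ;; esac; }

# True if one certificate name covers HOST. "*." stands for exactly one label, so
# *.example.com covers www.example.com but not example.com or a.b.example.com.
name_covers() {  # SAN HOST
    san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $san in
        '*.'*)
            suffix=${san#?}            # "*.example.com"   -> ".example.com"
            label=${host%"$suffix"}    # "www.example.com" -> "www"
            [ -n "$label" ] && [ "$label" != "$host" ] || return 1
            case $label in *.*) return 1 ;; esac ;;
        *) [ "$san" = "$host" ] ;;
    esac
}

# True if any DNS subjectAltName in CERT covers HOST (-ext needs OpenSSL 1.1.1+).
cert_covers() {  # CERT HOST
    openssl x509 -in "$1" -noout -ext subjectAltName | grep -o 'DNS:[^,]*' |
        cut -d: -f2 | ( while read -r name; do
            name_covers "$name" "$2" && exit 0
        done; exit 1 )
}

preflight() {  # CERT KEY HOST...
    cert=$1; key=$2; shift 2
    key_matches_cert "$cert" "$key" || { echo "key does not match certificate" >&2; return 1; }
    key_is_private "$key" || { echo "key is accessible to other users" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days" >&2; return 1; }
    for h in "$@"; do
        cert_covers "$cert" "$h" || { echo "certificate does not cover $h" >&2; return 1; }
    done
}

if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

Run it with sudo, since the key under /etc/ssl/private is not readable by ordinary users, and pass every hostname the server block answers for.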
Your wildcard SSL certificate is now installed and configured on your Ubuntu server, securing the specified domain and all of its subdomains. Be sure to follow best practices for securing your server and regularly renewing your SSL certificate to maintain security.