x

Adding SSL wildcard certificate to Ubuntu running Nginx

  Andrew Fletcher     published: 13 October 2023         2 minutes read

Adding an SSL wildcard certificate to an Ubuntu server involves several steps.  A wildcard certificate can secure subdomains of a domain with a single certificate. Here's a general outline of the process:

I'll be using an existing wildcard certificate.

sudo apt update && sudo apt upgrade -y

 

Copy the certificate

sudo cp /etc/letsencrypt/live/your_domain/fullchain.pem /etc/ssl/your_domain.crt
sudo cp /etc/letsencrypt/live/your_domain/privkey.pem /etc/ssl/your_domain.key

Add the certificate and corresponding key files to the following locations

ssl_certificate /etc/ssl/certs/{certificate-name}.crt
ssl_certificate_key /etc/ssl/private/{certificate-key-name}.key

 

Create a Nginx Configuration File

Create an Nginx server block configuration file for your domain. You can create a new configuration file in the /etc/nginx/sites-available/ directory.

sudo nano /etc/nginx/sites-available/example.com

Here's a basic Nginx configuration for a website:

server {
   listen 80;
   server_name example.com www.example.com;

   location / {
       # Your regular server configuration
   }
}

server {
   listen 443 ssl;
   server_name example.com www.example.com;

   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

   location / {
       # Your SSL-specific configuration
   }
}

The actual Nginx configuration file was 

proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;
proxy_temp_path /tmp/nginx_proxy 1 2;

server {
    client_max_body_size 100M;

    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/{certificate-name}.crt;
    ssl_certificate_key /etc/ssl/private/{certificate-key-name}.key;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $host;
        proxy_cache cache;
        proxy_cache_bypass $cookie_auth_tkt;
        proxy_no_cache $cookie_auth_tkt;
        proxy_cache_valid 30m;
        proxy_cache_key $host$scheme$proxy_host$request_uri;
        # In emergency comment out line to force caching
        # proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

}

 

Create a Symbolic Link

Create a symbolic link to enable the configuration by running the following command:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

 

Test Nginx Configuration

Run the following command to check the syntax of your Nginx configuration:

sudo nginx -t

If the configuration test is successful, you can proceed.  A successful response will be

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

 

Restart Nginx

Restart Nginx to apply the changes:

sudo systemctl restart nginx

 

Testing

Test your SSL configuration by accessing your website via HTTPS.  Make sure there are no errors.

Your wildcard SSL certificate is now installed and configured on your Ubuntu server, securing the specified domain and all of its subdomains. Be sure to follow best practices for securing your server and regularly renewing your SSL certificate to maintain security.

Related articles

Andrew Fletcher09 Jun 2024
Overcoming startup challenges with Apache Solr on Ubuntu 24.04
Recently, after upgrading to Ubuntu 24.04, we encountered a significant challenge with our Apache Solr service—it refused to restart. This post documents the steps I took to diagnose and resolve the issues, providing a clear guide for anyone facing similar troubles. Initial troubleshootingThe...