Nginx SSL certificate installation and configuration.

The first thing you need to do is go into the HostRooster control panel and make a CSR request. After you have responded to this alert and chosen the necessary certificate, the next step is to install the certificates ending in .CRT and .CA. Let’s take a more in-depth look at the process of installing these certificates on as well as computers running Ubuntu, , or .

So, after doing the above steps, in the section located in the HostRooster control panel, there are two  .CA and .CRT .

Uploading SSL to the Server

It is necessary for the server to receive both the .CA and the .CRT files. The terminal is typically used to operate , and a graphical user interface (GUI) might not be present. In this scenario, you can transfer the files by first sending them to a computer running a different operating system. The sections below explain how to do this.

It is essential that the key pair, private and public, be generated on the machine where the certificates themselves are being deployed. If, on the other hand, it was generated on a different computer, the private key (the file ending in .key) has to be transferred to your server by following the copying procedures outlined below.

Porting from Unix systems

In this case, the easiest option would be to use the built-in terminal option – SCP:

1. The .CA and .CRT files are downloaded from the HostRooster panel to your computer.
2. Open the terminal and go to the place for downloading certificates, for example:

cd ~/MyDownloadedFiles

Upload all issued certificates to the web server:

scp yourtest.com_crt.crt yourtest.com_ca.crt login@121.122.222.111:/etc/ssl

More details:

scp – copies files;
yourtest.com_crt.crt – an example of the name of the certificate of your resource downloaded from the HostRooster panel;
yourtest.com_ca.crt – an example of the name of the CA certificate downloaded from the HostRooster panel;
login – the user who connects via (sometimes it becomes root);
121.122.222.111 – IP address;
/etc/ssl is the folder where you want to send the saved files.

Uploading via the Windows operating system

The first step is to install the WinSCP client. You can download it from the link .

Launch it. A window will open where you need to enter the connection settings for the SSH protocol.

The folders and files that are stored on the local system will be displayed on the left, while the files that are stored on the server that you are connected to will be displayed on the right. You will need to choose (or create, if there isn’t already one) the location to which the certificates will be delivered. The .CA and .CRT files can be transferred by dragging and dropping them while holding down the left mouse button.

It’s crucial that you save the .key file in the same folder as your certificate files. You can skip this step, but then you’ll need to remember the file’s location and use its path when configuring Nginx instead of the one we used as an example.

If the private key was generated on the server, you can use the following command to copy the .key file to another directory:

cp /home/root/private.key /etc/ssl/private.key

Wherein:

cp – responsible for copying;
/home/root/ – path to the file if you logged in “as root”;
private.key – filename of the key itself;
/etc/ssl/private.key is the path where we want to copy the key.

You can then delete the key from the old directory with the command:

rm /home/root/private.key

Nginx configuration for SSL

You must set up Nginx after copying all the required certificates. Using SSH, log in as root, and then carry out the following actions:

1. The .CA (certificate authority) file and the .CRT (website) file are combined into one, with the website certificate first:

cat /etc/ssl/testdomain.com_crt.crt /etc/ssl/testdomain.com_ca.crt > /etc/ssl/testdomain.crt

2. Open the file with the settings of the resource that requires an SSL certificate. Below is an example when the parameters are located at /etc/nginx/sites-enabled/files :

nano /etc/nginx/sites-enabled/files

Please note: on Ubuntu/Debian distributions, Nginx web resource settings are usually located in the /etc/nginx/sites-enabled/ directory. On a CentOS distribution, the default directory is /etc/nginx/conf.d/. On systems of the Unix family, the ls /folder/settings command (for example, ls /etc/nginx/sites-enabled) works well for searching: it prints a complete list of files in the directory.

Next, using the nano utility, open the selected file (for example, nano /etc/nginx/sites-enabled/files). You can tell whether you have found the right file by looking at server_name. The value of this line must be replaced with the domain where the certificate is installed (for example, website.com).

For the CentOS operating system, it’s important to note that you may install the nano editor by following these steps:

yum install nano

Add the parameters from the example to your configuration:

listen 443 ssl;
ssl_certificate /etc/ssl/testdomain.crt;
ssl_certificate_key /etc/ssl/test.key;

Do not forget to replace these with your own values:
/etc/ssl/testdomain.crt – specify the location of your certificates;
/etc/ssl/test.key – specify the location of the private key.
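
A check worth running before the restart, as an added example that is not part of the original article: it confirms that the private key is not accessible to other users and that the first certificate in the combined file belongs to that key, which also catches a file concatenated in the wrong order. The script name and function names are made up for this example, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: checks for the combined certificate and key before restarting Nginx.
# Usage: sh preflight.sh /etc/ssl/testdomain.crt /etc/ssl/test.key
# (preflight.sh and the function names are made up for this example.)

# Public key (PEM) derived from a private key file.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) of the FIRST certificate in a file. openssl x509 reads only
# the first certificate, which is where Nginx expects the site certificate to be.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True only if both files parse and the first certificate belongs to the key.
cert_matches_key() {
    k=$(pub_from_key "$2") && c=$(pub_from_cert "$1") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the key file grants nothing to group or others (e.g. mode 600 or 400).
key_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

preflight() {   # preflight COMBINED_CRT PRIVATE_KEY
    key_private "$2" || {
        echo "FAIL: $2 is accessible to group/others; run: chmod 600 $2"; return 1; }
    cert_matches_key "$1" "$2" || {
        echo "FAIL: first certificate in $1 does not match $2 (wrong key or wrong cat order)"; return 1; }
    # The tutorial's combined file holds the site certificate plus the CA certificate.
    [ "$(grep -c 'BEGIN CERTIFICATE' "$1")" -ge 2 ] ||
        echo "WARN: $1 contains no CA certificate after the site certificate"
    echo "OK"
}

# Run only when both paths are given; nginx -t then validates the configuration syntax.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && nginx -t
fi
```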

Let’s restart Nginx:

On Debian and Ubuntu:

/etc/init.d/nginx restart

On CentOS:

service nginx restart

If you have set up an iptables firewall, port 443 must be opened. Consult the documentation for the system you are using, because the way iptables is managed may vary between Linux distributions. Here are a few examples:

For CentOS we write:

iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Ubuntu 16.04 is more concise:

ufw allow 443/tcp

On Debian we write the following:

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

Checking the settings

After all these steps, your Nginx has the SSL certificates installed. To make sure that all configurations are correct, open your resource in any browser, adding the letter s to the site address (for example, http://yourwebsite.com), so that it looks like this: https://yourwebsite.com. If you did everything right, a “lock” will be displayed next to the site URL. If you click on the padlock, you will get information about the SSL certificate.
