Installing an SSL Certificate in NGiNX

After you enter the CSR in our online application, and once your certificate is ready for installation, you need to download all of the files provided. You must install the intermediate and primary certificate together as a .PEM format file, and may need to concatenate them together if you have been provided .CRT files. For more information see Downloading Your SSL Certificate.


1. Copy the downloaded certificate files to your server. Place them somewhere with the .KEY file that was generated when you requested your CSR. You will need all these for the installation.


2. Concatenate the primary and intermediate certificates. This combines your supplied .CRT files into an NGiNX-compatible .PEM format file.

You can concatenate your Primary Certificate (primarycert.crt) and your Intermediate Certificate (intermediatecert.crt) into a .PEM format file by running the following command on your NGiNX server:

 cat primarycert.crt intermediatecert.crt >> bundle.crt

3. Edit the NGiNX virtual hosts file to assign the correct certificate  and associated Private Key within the server.

Now open your Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection. Make a copy of the existing non-secure server module and paste it below the original. Then add the lines in bold below:

server {

listen   443;

ssl    on;
ssl_certificate    /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key    /etc/ssl/your_domain_name.key;

access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
          root   /home/www/public_html/;
          index  index.html;


Adjust the file names to match your certificate files:

  • ssl_certificate should be your primary certificate combined with the intermediate certificate that you made in the previous step (e.g. your_domain_name.crt).
  • ssl_certificate_key should be the key file generated when you created the CSR.


4. Restart NGiNX

Run the following command to restart Nginx:

sudo /etc/init.d/nginx restart

Your SSL Certificate is installed. If you have problems, please see Where can I get information about my SSL’s configuration?

Done Button