Get Your Certificate Signing Request (CSR)

From Amazon Linux:

Buy Your Certificate

From Name.com purchase a cert for either a wildcard or single-host fully-qualified domain name.  It must match the domain identifier . used when creating your CSR.

You’ll need the contents of the .csr file and private key you created above.

Install Your Certificate

It may take 2-5 business days to get your domain ownership validated and receive your certificate if this is not a renewal.  Check back at Name.com to obtain your certificate.    When ready it will bring you to a page showing 3 parts needed to validate the certificate, the Server Certificate, the CA Certificate, and the Root Certificate.

All 3 of these must appear in the crt file you are about to create.   The crt file is known as a “chained certificate” which includes the content of all 3 certificates concatenated in a single file.    The certificates each certify the level above it so you server certificate goes on top, validated by the Certificate Authority (CA) certificate, which is validated by a root certificate.

From Amazon Linux

Past in the contents of the certificates provided by name.com in the order provided.

You will end up with a file that has 3 begin/end certificate sections.

You can, and should,  delete your .csr file at this point.

Configure NGINX

If you haven’t done so already you’ll need to edit your website configuration at /etc/nginx/sites-available/<domain>.<tld> and create a SSL certificate snippet that tells the web server where to find your SSL certificate for that site.

The snippet  in /etc/nginx/snippets/<domain>.<tld>.conf will look something like this:

Your site config file for nginx will be similar to this:

 

Restart your nginx server.

 

 

Share Your Insight

%d bloggers like this: