Configuring HTTPS on Linux with Nginx: Obtaining SSL Certificates and Server Setup

To enable HTTPS you first need a valid SSL certificate, which can be purchased from a trusted Certificate Authority (CA) or obtained for free from services such as Let’s Encrypt.

Upload the certificate file (usually .crt or .pem) and the private key file (usually .key) to your Linux server.

Install Nginx by installing dependencies, downloading and extracting the package, then running ./configure, make, and make install. Start Nginx with ./nginx and manage it using ./nginx -s quit, -s stop, or -s reload. Add a startup command to /etc/rc.local if desired.

Edit the Nginx configuration file, typically located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf, using any text editor.

Add a new HTTPS server block beneath the existing HTTP block. Example configuration:

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    location / {
        # configure your site content and other directives...
    }
}

Replace example.com with your domain and update the paths to point to the actual certificate and key files.

Save the configuration and restart Nginx, e.g., sudo systemctl restart nginx. Verify the setup by accessing https://example.com with a browser or curl; a lock icon or successful response indicates a working HTTPS connection.

If you need to convert certificates, use OpenSSL commands: openssl x509 -in cert.pem -out cert.crt -text to view and convert a certificate to PEM format, and openssl rsa -in key.pem -out key.key to convert a private key to PEM format. Copy the resulting cert.crt and key.key to the appropriate Nginx directory, update the ssl_certificate and ssl_certificate_key directives in the configuration, then restart Nginx again.

Finally, test the HTTPS connection again to ensure the server presents the correct certificate and that the secure lock appears in browsers.