██FR█████ █INTELL███████████

How to Configure SSL Certificates in Nginx for Secure HTTPS Connections


This content originally appeared on DEV Community and was authored by Freedom Coder

Why SSL/TLS Matters

Securing your website with HTTPS is no longer optional—it’s essential. SSL/TLS certificates:

  • Encrypt data between users and your server 🔒
  • Boost SEO rankings (Google favors HTTPS sites)
  • Build user trust with browser padlock icons ✅
  • Prevent “Not Secure” warnings in browsers

Prerequisites

Before starting, ensure you have:

  1. Nginx installed on your server
  2. A registered domain name pointing to your server
  3. SSL certificate files (certificate, private key, and CA bundle)

💡 Pro Tip: Get free certificates from Let’s Encrypt or purchase from trusted CAs like DigiCert/Sectigo.

Step-by-Step Configuration

1. Upload Certificate Files

Place your certificate files in a secure directory:

sudo mkdir /etc/nginx/ssl
sudo cp your_domain.crt /etc/nginx/ssl/
sudo cp your_domain.key /etc/nginx/ssl/
sudo cp ca_bundle.crt /etc/nginx/ssl/  # If provided

2. Configure Nginx Server Block

Edit your site configuration (/etc/nginx/sites-available/your_site):

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name your-domain.com;

    # SSL Certificate Paths
    ssl_certificate /etc/nginx/ssl/your_domain.crt;
    ssl_certificate_key /etc/nginx/ssl/your_domain.key;

    # Enable modern TLS protocols
    ssl_protocols TLSv1.2 TLSv1.3;

    # Optimize cipher suites
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;

    # Enable OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # Cache SSL parameters
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # Your existing configuration (root, index, etc)
    # ...
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name your-domain.com;
    return 301 https://$host$request_uri;
}

3. Test & Reload Nginx 

sudo nginx -t  # Verify configuration syntax
sudo systemctl reload nginx  # Apply changes

Verify Your Configuration

Check your implementation with these tools:

  • ssllabs.com – Comprehensive security analysis (A+ rating target)
  • whynopadlock.com – Troubleshoot mixed-content issues
  • SSL Checker – Certificate chain verification (Recommended)

Troubleshooting Tips

  • Mixed Content Errors: Ensure all resources (images, scripts) load via HTTPS
  • Certificate Chain Issues: Concatenate certificates: cat your_domain.crt ca_bundle.crt > combined.crt
  • Permissions: Set proper key permissions: sudo chmod 600 /etc/nginx/ssl/*.key
  • Firewalls: Confirm port 443 is open: sudo ufw allow 443/tcp

Security Best Practices

  • Renew certificates before expiration (auto-renew with cron jobs)
  • Enable HSTS header: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  • Use 2048-bit or stronger private keys
  • Disable TLS 1.0/1.1 for improved security

Conclusion

Implementing SSL in Nginx takes <10 minutes but delivers critical security benefits. With modern browsers flagging HTTP sites as “Not Secure,” HTTPS has become mandatory for professional websites.

📚 Further Reading:
Nginx SSL Termination Docs
Mozilla SSL Configuration Generator


This content originally appeared on DEV Community and was authored by Freedom Coder