Recently my VPS got corrupted and I restored it from a snapshot. Unfortunately, the snapshot doesn't contain my previous HTTPS certificate and SSL certificate key, so I have to reissue everything. Below are the steps for installing an HTTPS certificate bought from Namecheap on an nginx machine.
- To activate an SSL certificate you need to submit a CSR (Certificate Signing Request) to Namecheap. Use the following command to generate it:

  ```
  # Creates a new 2048-bit RSA private key and a CSR for it.
  # -nodes leaves the key file unencrypted (no passphrase).
  openssl req -new -newkey rsa:2048 -nodes -keyout your-domain.key -out your-domain.csr
  ```

  Change `your-domain` to your own domain name.

  During generation you will be asked for some information; fill it in as you like. In the Common Name field, however, you need to enter the domain name the certificate should be issued for. See more details here: Generating CSR on Apache + OpenSSL/ModSSL/Nginx + Heroku
- Use the CSR generated in the step above to issue a new SSL certificate. This page describes the process.

  Normally, you would choose the HTTP-based method to complete the DCV (Domain Control Validation). When completing the reissue process, you can download a file from the Namecheap dashboard. Download the file and upload it to your VPS. Typically, you need to put the file in the *your wordpress home directory*`/.well-known/pki-validation` directory. Two things to watch for:

  - The owner of the `.well-known` directory must match the owner of the WordPress home directory, usually `www-data`. Don't create these directories as root.
  - Check your nginx configuration file (usually `/etc/nginx/nginx.conf` or `/etc/nginx/sites-available/your-domain.conf`) and look for something like this:

    ```
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    ```

    This block denies any request like `http://your-domain/.well-known/...`, so in order for the validation file to be reachable you need to comment it out temporarily.
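- Once DCV has completed, you will get an email containing a `.crt` file and a `.ca-bundle` file. Upload the two files to your server, then combine them into a single file:

  ```
  # Server certificate first, then the CA bundle.
  # '>' overwrites cert_chain.crt; '>>' would append to a chain left over from an earlier run.
  cat yourdomainname.crt yourdomainname.ca-bundle > cert_chain.crt
  ```

  Then put the `cert_chain.crt` file and the `your-domain.key` file in the `/etc/ssl` directory, or in another directory if you prefer. The key has no passphrase, so keep it readable only by root.

- Update your nginx configuration file:

  ```
  server {
      listen 80;
      server_name ax1951.com;
      # Redirect every plain-HTTP request to HTTPS
      return 301 https://$server_name$request_uri;
  }

  server {
      # The ssl parameter on listen enables TLS for this server block;
      # the separate "ssl on;" directive is deprecated and not needed.
      listen 443 ssl;
      index index.php index.html index.htm;
      root /wordpress;
      server_name ax1951.com;
      # Private key generated together with the CSR
      ssl_certificate_key /etc/ssl/www_ax1951_com.key;
      # Server certificate followed by the CA bundle
      ssl_certificate /etc/ssl/cert_chain.crt;
      ...
  }
  ```

  This configuration enables HTTPS connections on your server and redirects HTTP connections to HTTPS. Also don't forget to restart your nginx service.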
- If your website contains HTTP content, you may get a warning from the Chrome browser complaining that the connection has mixed content and is not secure. One way to solve this problem is to install a WordPress plugin called `SSL Insecure Content Fixer` and set `Fix level` to `content`.

- Also, if you like, you can add a Comodo SSL secure seal icon to your website. Upload the icon to your server and put this JavaScript in your WordPress `footer.php`:

  ```
  <script type="text/javascript"> //<![CDATA[
  var tlJsHost = ((window.location.protocol == "https:") ? "https://secure.comodo.com/" : "http://www.trustlogo.com/");
  document.write(unescape("%3Cscript src='" + tlJsHost + "trustlogo/javascript/trustlogo.js' type='text/javascript'%3E%3C/script%3E"));
  //]]>
  </script>
  <script language="JavaScript" type="text/javascript">
  TrustLogo("https://ax1951.com/comodo_secure_seal_100x85_transp.png", "CL1", "none");
  </script>
  <a href="https://ssl.comodo.com" id="comodoTL">SSL Certificates</a>
  ```

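
The script below is an added example, not part of the original post, for the steps above that combine the `.crt` and `.ca-bundle` files and install them with the key. It builds `cert_chain.crt` so that two PEM blocks can never run together on one line, checks the result, and confirms that the private key matches the reissued certificate before nginx is restarted. The function names and the script name `check_cert.sh` are hypothetical, and it assumes the `openssl` command is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# build_chain CERT BUNDLE OUT
# Write CERT followed by BUNDLE to OUT. OUT is overwritten, and a newline is
# added after any input that lacks one so two PEM blocks never share a line.
build_chain() {
    : > "$3" || return 1
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
        cat "$f" >> "$3"
        [ -z "$(tail -c 1 "$f")" ] || printf '\n' >> "$3"
    done
}

# check_chain FILE
# Succeed only if FILE holds at least two certificates (server + CA), every
# BEGIN has an END, and no END marker is fused with the next BEGIN marker.
check_chain() {
    [ -r "$1" ] || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$1" || true)
    fused=$(grep -c -e '-----END CERTIFICATE-----.*-----BEGIN' "$1" || true)
    [ "$begins" -ge 2 ] && [ "$begins" -eq "$ends" ] && [ "$fused" -eq 0 ]
}

# key_matches_cert KEY CERT
# Compare the public key derived from KEY with the public key in the first
# certificate of CERT (for a chain file that must be the server certificate).
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Usage: sh check_cert.sh your-domain.crt your-domain.ca-bundle your-domain.key
if [ "$#" -eq 3 ]; then
    build_chain "$1" "$2" cert_chain.crt || exit 1
    check_chain cert_chain.crt ||
        { echo "cert_chain.crt is malformed" >&2; exit 1; }
    key_matches_cert "$3" cert_chain.crt ||
        { echo "key does not match the first certificate" >&2; exit 1; }
    echo "cert_chain.crt and $3 are consistent"
fi
```

A key mismatch here usually means the certificate was issued for a different CSR than the one generated with the key being installed.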
References:
https://www.namecheap.com/support/knowledgebase/article.aspx/9637/68/how-can-i-complete-the-domain-control-validation-dcv-for-my-ssl-certificate
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx
https://www.namecheap.com/support/knowledgebase/article.aspx/9419/0/nginx
https://www.namecheap.com/support/knowledgebase/article.aspx/811/70/how-do-i-reissue-my-ssl-certificate
https://ssl.comodo.com/site-seal.php