- Get the zip of SSL certificates from the GoDaddy site: _.yoursite.com.zip
The zip contains the following files:
- 4a…..f.crt
- 4a…..f.pem
- gd_……g1.crt
- Get the private key file from GoDaddy:
- generated-private-key.txt
- Copy SSL files to the following folder on your Mac:
/Users/<YourMacMachineUserName>/SSL
Rename the following files:
- gd_bundle-g2-g1.crt > intermediate.crt
- 4a……7f.crt > yourdomain.com.crt
- generated-private-key.txt > yourdomain.com.key
- Generate a chained crt “yourdomain.com.chained.crt” for the public key portion for Ubuntu:
Run the following command to combine the crt and the bundle crt into one file:
sudo cat yourdomain.com.crt intermediate.crt > yourdomain.com.chained.crt
The combined crt is a sequence of PEM blocks, each running from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----: the certificate for your domain first, then the certificates from the bundle.
- Generate a chained key “yourdomain.com.private.key” for private key portion for Ubuntu.
Run the following command to combine key and crt into one file:
sudo cat yourdomain.com.key yourdomain.com.crt > yourdomain.com.private.key
The combined key contains a -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- block and a -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- block.
- Connect to EC2 from the Mac’s terminal:
Run the following command in the terminal from the folder that contains <Your-Server-Key-Pair>.pem. Example: /Users/<YourMacMachineUserName>/<YourDomain>/SSH_Keys/<Your-Server-Key-Pair>.pem
ssh -i "<Your-Server-Key-Pair>.pem" ubuntu@ec2-<YourEC2IPWithDashes>.compute-1.amazonaws.com
- Create /etc/nginx/ssl directory on the Ubuntu server:
Run the following command:
sudo mkdir /etc/nginx/ssl
- Copy the keys from the Mac to Ubuntu:
In another terminal, run the following commands:
Copy yourdomain.com.chained.crt to the Ubuntu server:
scp -i /Users/<YourMacMachineUserName>/<YourDomain>/SSH_Keys/<Your-Server-Key-Pair>.pem /Users/<YourMacMachineUserName>/<YourDomain>/SSL/<YourDomain>.com/<YourDomain>.com.chained.crt ubuntu@ec2-<YourEC2IPWithDashes>.compute-1.amazonaws.com:
Copy yourdomain.com.private.key to the Ubuntu server:
scp -i /Users/<YourMacMachineUserName>/<YourDomain>/SSH_Keys/<Your-Server-Key-Pair>.pem /Users/<YourMacMachineUserName>/<YourDomain>/SSL/<YourDomain>.com/<YourDomain>.com.private.key ubuntu@ec2-<YourEC2IPWithDashes>.compute-1.amazonaws.com:
- Transfer SSL keys to the /etc/nginx/ssl location on the Ubuntu server:
From the first terminal, run the following commands:
Transfer <YourDomain>.com.chained.crt to the /etc/nginx/ssl location:
sudo cp ~/<YourDomain>.com.chained.crt /etc/nginx/ssl
Transfer <YourDomain>.com.private.key to the /etc/nginx/ssl location on the server:
sudo cp ~/<YourDomain>.com.private.key /etc/nginx/ssl
- Open the <YourDomain>.com nginx config:
Run the following command:
sudo nano /etc/nginx/sites-available/<YourDomain>.com
- Plug the SSL keys into the <YourDomain>.com nginx config:
Paste the following text into that file:
server {
    server_name <YourDomain>.com www.<YourDomain>.com;
    root /var/www/<YourDomain>.com;
    index index.html;

    # Redirect www to the bare domain
    if ($host = www.<YourDomain>.com) {
        return 301 https://<YourDomain>.com$request_uri;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    # Chained certificate and private key copied to /etc/nginx/ssl above
    ssl_certificate /etc/nginx/ssl/<YourDomain>.com.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/<YourDomain>.com.private.key;
}

# Plain HTTP: redirect both host names to HTTPS on the bare domain
server {
    if ($host = <YourDomain>.com) {
        return 301 https://$host$request_uri;
    }

    if ($host = www.<YourDomain>.com) {
        return 301 https://<YourDomain>.com$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name <YourDomain>.com www.<YourDomain>.com;
    # Any other host that reaches this block gets a 404
    return 404;
}
- Validate the nginx config:
Run the following command:
sudo nginx -t
It will give you the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- Restart the nginx server:
Run the following command to restart the nginx server:
sudo service nginx restart
Restarting the nginx server attaches the SSL certificate to <YourDomain>.com.
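The files built in the steps above can be checked on the Ubuntu server before nginx is validated and restarted: that the key belongs to the first certificate in the chained file, that the second certificate is its issuer, and that the key file is not readable by other users. The script below is an added example, not part of the original guide; the function names are illustrative, and it assumes openssl and GNU stat as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: checks to run on the Ubuntu
# server before "sudo nginx -t". File names are passed in by the caller.

# Print the Nth (1-based) certificate block of a PEM bundle.
nth_cert() {
  awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { i++ } i == n' "$1"
}

# Succeed only if the first certificate in the chain file belongs to the key.
# Any parse failure counts as a mismatch, never as a match.
leaf_matches_key() {
  local cert_pub key_pub
  cert_pub=$(nth_cert "$1" 1 | openssl x509 -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if certificate 2 in the chain file is the issuer of certificate 1
# (nginx expects the server certificate first, then the intermediates).
chain_order_ok() {
  local issuer subject
  issuer=$(nth_cert "$1" 1 | openssl x509 -noout -issuer_hash 2>/dev/null) || return 1
  subject=$(nth_cert "$1" 2 | openssl x509 -noout -subject_hash 2>/dev/null) || return 1
  [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Succeed only if group and others have no access to the key file (GNU stat).
key_mode_ok() {
  case "$(stat -c '%a' "$1")" in
    ?00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Run all three checks and report the first failure.
check_tls_files() {
  local chain="$1" key="$2"
  leaf_matches_key "$chain" "$key" || { echo "key does not match first certificate" >&2; return 2; }
  chain_order_ok "$chain" || { echo "second certificate is not the issuer of the first" >&2; return 3; }
  key_mode_ok "$key" || { echo "key file is readable by group or others" >&2; return 4; }
  echo "ok"
}
```

Source the file and call check_tls_files with the chained crt and the private key; a key file copied with sudo cp usually needs sudo chmod 600 before the last check passes.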