Install GoDaddy SSL certificate on AWS EC2 instance on Ubuntu

  • Get the zip of SSL certificates from GoDaddy site: _.yoursite.com.zip

    The zip contains the following files:
    • 4a…..f.crt
    • 4a…..f.pem
    • gd_……g1.crt
  • Get the private key file from GoDaddy:
    • generated-private-key.txt
  • Copy the SSL files to the following folder on your Mac:
    /Users/<YourMacMachineUserName>/SSL
    Rename the following files:
    • gd_bundle-g2-g1.crt > intermediate.crt
    • 4a……7f.crt > yourdomain.com.crt
    • generated-private-key.txt > yourdomain.com.key
  • Generate a chained crt “yourdomain.com.chained.crt” for the public key portion on Ubuntu:

    Run the following command to combine crt and bundle crt into one file:

    sudo cat yourdomain.com.crt intermediate.crt >> yourdomain.com.chained.crt

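    The combined crt is a sequence of PEM blocks, one per certificate, each between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, with yourdomain.com.crt first and the certificates from intermediate.crt after it.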

  • Generate a chained key “yourdomain.com.private.key” for the private key portion on Ubuntu.
    Run the following command to combine key and crt into one file:

    sudo cat yourdomain.com.key yourdomain.com.crt >> yourdomain.com.private.key

    The combined key file holds both a -----BEGIN PRIVATE KEY----- block and the -----BEGIN CERTIFICATE----- block of yourdomain.com.crt.

  • Connect to EC2 from Mac’s terminal:

    Run the following command from the directory where <Your-Server-Key-Pair>.pem is located. Example: /Users/<YourMacMachineUserName>/<YourDomain>/SSH_Keys/<Your-Server-Key-Pair>.pem

    ssh -i "<Your-Server-Key-Pair>.pem" ubuntu@ec2-<YourEC2IPWithDashes>.compute-1.amazonaws.com
  • Create /etc/nginx/ssl directory on the Ubuntu server:

    Run the following command:

    sudo mkdir /etc/nginx/ssl
  • Copy the keys from the Mac to Ubuntu:

    In another terminal, run the following commands:

    Copy yourdomain.com.chained.crt to Ubuntu server:

    scp -i /Users/<YourMacMachineUserName>/<YourDomain>/SSH_Keys/<Your-Server-Key-Pair>.pem /Users/<YourMacMachineUserName>/<YourDomain>/SSL/<YourDomain>.com/<YourDomain>.com.chained.crt ubuntu@ec2-<YourEC2IPWithDashes>.compute-1.amazonaws.com:

    Copy yourdomain.com.private.key to Ubuntu server:

    scp -i /Users/<YourMacMachineUserName>/<YourDomain>/SSH_Keys/<Your-Server-Key-Pair>.pem /Users/<YourMacMachineUserName>/<YourDomain>/SSL/<YourDomain>.com/<YourDomain>.com.private.key ubuntu@ec2-<YourEC2IPWithDashes>.compute-1.amazonaws.com:
  • Transfer SSL keys to /etc/nginx/ssl location on Ubuntu server:

    From the first terminal, run the following commands:

    Transfer <YourDomain>.com.chained.crt to /etc/nginx/ssl location:

    sudo cp ~/<YourDomain>.com.chained.crt /etc/nginx/ssl

    Transfer <YourDomain>.com.private.key to /etc/nginx/ssl location at server:

    sudo cp ~/<YourDomain>.com.private.key /etc/nginx/ssl
  • Open the <YourDomain>.com nginx config:

    Run the following command:

    sudo nano /etc/nginx/sites-available/<YourDomain>.com
  • Plug the SSL keys into the <YourDomain>.com nginx config:

    Paste the following text for that file:
    server {
        # HTTPS site
        server_name <YourDomain>.com www.<YourDomain>.com;

        root /var/www/<YourDomain>.com;

        index index.html;

        # Redirect www to the bare domain
        if ($host = www.<YourDomain>.com) {
            return 301 https://<YourDomain>.com$request_uri;
        }

        listen [::]:443 ssl;
        listen 443 ssl;
        # Domain certificate followed by the intermediate certificates
        ssl_certificate /etc/nginx/ssl/<YourDomain>.com.chained.crt;
        # File holding the private key
        ssl_certificate_key /etc/nginx/ssl/<YourDomain>.com.private.key;
    }

    server {
        # Plain HTTP: redirect both host names to HTTPS
        if ($host = <YourDomain>.com) {
            return 301 https://$host$request_uri;
        }
        if ($host = www.<YourDomain>.com) {
            return 301 https://<YourDomain>.com$request_uri;
        }

        listen 80;
        listen [::]:80;

        server_name <YourDomain>.com www.<YourDomain>.com;
        # Requests that matched neither redirect get a 404
        return 404;
    }
  • Validate the nginx config:

    Run the following command:

    sudo nginx -t

    It will give you the following output:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  • Restart the nginx server:

    Run the following command to restart the nginx server:

    sudo service nginx restart

    Restarting the nginx server applies the SSL certificate to <YourDomain>.com.
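
A check to run on the server before the restart, as an added example that is not part of the original guide: it confirms that the chained crt holds at least two certificates and no private key, that the key file holds exactly one key and is not readable by group or other, and that the key and certificate belong together. The function names are hypothetical, and it assumes bash, grep, stat and openssl are available.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the two files built in the steps above.
# Function names are hypothetical; file names are the page's placeholders.

KEY_RE='([A-Z]+ )?PRIVATE KEY'   # PRIVATE KEY, RSA/EC/ENCRYPTED PRIVATE KEY

# Print how many PEM blocks with the given label a file contains.
pem_count() {   # usage: pem_count <file> <label-regex>
    grep -c -E -- "^-----BEGIN $2-----" "$1" || true
}

# The chained crt is sent to every client: it needs the domain certificate
# plus at least one intermediate, and must never contain a private key.
check_chain() {   # usage: check_chain <chained.crt>
    [ "$(pem_count "$1" CERTIFICATE)" -ge 2 ] || { echo "chain: fewer than 2 certificates" >&2; return 1; }
    [ "$(pem_count "$1" "$KEY_RE")" -eq 0 ] || { echo "chain: contains a private key" >&2; return 1; }
}

# The key file must hold exactly one private key and be closed to group/other.
check_key() {   # usage: check_key <private.key>
    local mode
    [ "$(pem_count "$1" "$KEY_RE")" -eq 1 ] || { echo "key: expected exactly 1 private key" >&2; return 1; }
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU stat, then BSD/macOS stat
    case "$mode" in
        ?00) ;;   # owner-only, e.g. 600 or 400
        *) echo "key: mode $mode lets group/other access it" >&2; return 1 ;;
    esac
}

# The certificate's public key must be the one derived from the private key.
# openssl reads the first key / first certificate in each file.
key_matches_cert() {   # usage: key_matches_cert <private.key> <chained.crt>
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Run all three when called as: script <chained.crt> <private.key>
if [ "$#" -eq 2 ]; then
    check_chain "$1" && check_key "$2" && key_matches_cert "$2" "$1" \
        && echo "OK: chain and key are consistent"
fi
```

Run it with sudo, passing /etc/nginx/ssl/<YourDomain>.com.chained.crt and /etc/nginx/ssl/<YourDomain>.com.private.key as the two arguments. If the mode check fails, `sudo chmod 600` on the key file corrects it, and the copies that scp left in the ubuntu home directory can then be deleted.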