How to set up TLS certificates for a domain with nginx

You can do that with certbot and obtain Let’s Encrypt certificates, but here I assume you’ve obtained the certificates in a zip archive.

mv file.crt /etc/pki/tls/certs/file.crt
chown root:root /etc/pki/tls/certs/file.crt
mv file.key /etc/pki/tls/private/file.key
chown root:root /etc/pki/tls/private/file.key

Add these lines to the nginx config for your domain, inside the HTTPS server block:

ssl_certificate "/etc/pki/tls/certs/file.crt";
ssl_certificate_key "/etc/pki/tls/private/file.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;

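Due to SELinux, you need to restore the default file contexts on the moved files (mv keeps the context of the source location) and then restart nginx: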

restorecon -v -R /etc/pki/tls/certs
restorecon -v -R /etc/pki/tls/private
systemctl restart nginx.service

Now your domain should be working properly via https.
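
Before the restart it is worth confirming that the key actually belongs to the certificate, that the key file is not readable by other users, and that the certificate is not about to expire. The script below is an added example, not part of the original post; the script name preflight.sh and the 7-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run on the installed
# certificate and key before restarting nginx. Requires openssl and GNU stat.

# cert_matches_key CERT KEY: 0 if KEY is the private key for CERT's public
# key, 1 if not, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY: 0 only if group and others have no access (600 or 400).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# cert_valid_for CERT SECONDS: 0 if CERT is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# preflight CERT KEY: run all checks, report each failure, return the count.
preflight() {
    failures=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $2 does not match $1 (or a file is unreadable)" >&2; failures=$((failures + 1)); }
    key_is_private "$2" ||
        { echo "FAIL: $2 must have mode 600 or 400" >&2; failures=$((failures + 1)); }
    # 604800 s = 7 days (assumed threshold)
    cert_valid_for "$1" 604800 ||
        { echo "FAIL: $1 is expired or expires within 7 days" >&2; failures=$((failures + 1)); }
    return "$failures"
}

# Usage: sh preflight.sh /etc/pki/tls/certs/file.crt /etc/pki/tls/private/file.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "OK: certificate and key pass all checks"
fi
```

If the mode check fails, chmod 600 on the key file fixes it. nginx -t validates the configuration itself before the restart.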

If you want to redirect all HTTP traffic to HTTPS, put these lines into the appropriate nginx config:

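server {
    listen 80;
    # placeholder: replace with your domain; $server_name expands to this value
    server_name example.com;
    return 301 https://$server_name$request_uri;
}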

Port 80 is the HTTP port, and a 301 redirect is a clear way of redirecting the traffic.

See the official how-to.

first published: 2023-03-14
last modified: 2023-03-20