A Step-by-Step Guide to Configuring HTTPS Certificates for Nginx on Linux Servers – Easy for Beginners!

Start of the Main Content

Meeting is fate, follow ⭐ to not miss out – sharing practical tutorials and tips every day.

In today’s world where internet security is increasingly important, configuring HTTPS certificates for websites has become a necessity. This article will take the Nginx server as an example and explain in detail how to complete the HTTPS certificate configuration step by step in a Linux environment, making it easy for even technical novices!

1. Why Must HTTPS Certificates Be Configured? – Enhancing Security and Value

1. Triple Security Boost to Protect Data

  • Data Encryption (Prevent Eavesdropping): HTTPS encrypts transmitted data through the TLS/SSL protocol, preventing hackers from stealing user information (such as passwords, transaction data, etc.) during data transmission.
  • Identity Authentication (Prevent Spoofing): Certificates are issued by authoritative CA organizations to verify the website’s identity, avoiding “man-in-the-middle attacks” (such as phishing sites masquerading as legitimate sites).
  • Trust Indicator (User Assurance): The browser’s address bar displays a “secure lock” icon, allowing users to intuitively confirm the website’s trustworthiness, enhancing the sense of security during visits.

2. Additional Value Not to Be Ignored

  • SEO Boost: Search engines like Google and Baidu prioritize indexing HTTPS websites, improving search rankings and attracting more traffic.
  • Performance Improvement: HTTPS supports the HTTP/2 protocol, which is faster and more resource-efficient compared to HTTP/1.1.
  • Compatibility Requirements: Platforms like WeChat Mini Programs and Apple Apps require HTTPS environments; without configuration, normal access will not be possible.

2. Preparation Checklist – Check if the Environment Meets Standards

1. Basic Environment Requirements

  • Operating System: Linux server (recommended mainstream distributions like Ubuntu/CentOS).
  • Nginx Version: Nginx must be installed with version ≥1.10.0 (execute <span>nginx -v</span> to check the version).
  • Domain Name and Certificate: Have a registered domain name and obtain an HTTPS certificate (certificate files are usually in <span>.crt</span> and <span>.key</span> formats, which can be applied for through Alibaba Cloud, Tencent Cloud, or the free platform Let’s Encrypt).
  • Port Open: Ensure the server firewall opens port 443 (the default port for HTTPS), which can be checked/adjusted with the following commands:
    • • Ubuntu:<span>sudo ufw allow 443/tcp</span>
    • • CentOS:<span>sudo firewall-cmd --add-port=443/tcp --permanent && sudo firewall-cmd --reload</span>

3. Compiling the SSL Module for Nginx – Skip if Already Available

If the SSL module was not enabled during the previous Nginx installation (execute <span>nginx -V</span> to check if <span>--with-http_ssl_module</span> is included in the output), follow these steps:

1. Navigate to the Nginx Source Package Path

Assuming the source package is located at <span>/opt/nginx-1.14.2/</span> (please adjust according to the actual path):

cd /opt/nginx-1.14.2/

2. Reconfigure Compilation Parameters

Add <span>--with-http_ssl_module</span> to the existing configuration (for example, if the original configuration is <span>--prefix=/opt/nginx</span>):

./configure --prefix=/opt/nginx --with-http_ssl_module

3. Compile and Install

make && make install

4. Stop the Existing Nginx Service

/opt/nginx/sbin/nginx -s stop  # Adjust the path according to the actual installation directory

4. Configuring Certificate Files – Core Steps, Details Determine Success or Failure

1. Prepare Certificate Files

Upload the certificate file (<span>.crt</span>) and the private key file (<span>.key</span>) to the server (it is recommended to store them in <span>/etc/nginx/cert/</span> or <span>/path/</span> directory, ensuring the path is accurate).

2. Modify the Nginx Configuration File

Open the main Nginx configuration file (usually <span>/opt/nginx/conf/nginx.conf</span> or <span>/etc/nginx/nginx.conf</span>), and add the HTTPS configuration in the <span>server</span> block (if there is no <span>server</span> block, it needs to be created):

server {
    listen 443 ssl;  # Listen on port 443, enable SSL
    server_name example.com www.example.com;  # Fill in your domain

    # Certificate paths (replace with actual paths)
    ssl_certificate     /path/example.com_bundle.crt;  # Certificate file
    ssl_certificate_key /path/example.com.key;         # Private key file

    # Optimization configuration (enhance security and performance)
    ssl_session_cache   shared:SSL:1m;   # SSL session cache
    ssl_session_timeout 5m;              # Session timeout
    ssl_ciphers  HIGH:!aNULL:!MD5;       # Encryption algorithms, exclude weak encryption
    ssl_prefer_server_ciphers on;       # Prefer server-side encryption algorithms

    # Other configurations (such as forwarding, redirection, etc. can be added)
    # ...
}

5. Restart the Nginx Service – Make the Configuration Effective

/opt/nginx/sbin/nginx  # Start Nginx (if previously stopped, just start it directly)

Note: If you modified the configuration file, it is recommended to check the syntax first:

/opt/nginx/sbin/nginx -t

Once confirmed, restart to avoid service startup failure.

6. Effect Verification – Check if Configuration is Successful in 30 Seconds

Enter <span>https://yourdomain</span> (e.g., <span>https://example.com</span>) in the browser’s address bar and observe:

  • • Is there a “secure lock” icon 🔒 on the left side of the address bar?
  • • Click the lock icon to check if the certificate information is correct (issuer, validity period, domain match).

If the above indicators appear, congratulations, the HTTPS configuration is successful!

Common Questions and Answers (Must-Read for Beginners)

  1. 1. How to Apply for a Free HTTPS Certificate? It is recommended to use Let’s Encrypt (free, automatic renewal), which can be quickly applied for using the <span>certbot</span> tool.
  2. 2. Website Not Opening After Configuration? Check:
  3. ① Is the certificate path correct?
  4. ② Is port 443 open?
  5. ③ Are there any syntax errors in the Nginx configuration (check with <span>nginx -t</span>).
  6. 3. Is it Necessary to Support Both HTTP and HTTPS? It is recommended to add a forced redirect from HTTP to HTTPS to ensure all traffic goes through a secure channel, configured as follows: 
    server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;  # Permanent redirect to HTTPS
}

Summary

Configuring HTTPS certificates may seem complex, but it can be completed by following the steps.

A Step-by-Step Guide to Configuring HTTPS Certificates for Nginx on Linux Servers - Easy for Beginners!Previous Recommendations:【First Release】DeepSeek-R1 Local Deployment Complete Guide: From 1.5B to 671B, Covering All Three System Configurations!Exclusive Reveal! Linux Server Zero Network Setup for DeepSeek – R1 + WEB Page (Multiple Methods), Quickly Build Your Own Offline Knowledge Base, with Installation Package Acquisition GuideDeploying DeepSeek R1 Model Offline on Windows and Building Your Own AI Knowledge BaseDeepSeek is Exploding, How Ordinary People Can Train Their Own Large Model from Scratch in 7 HoursA Guide for Beginners to Learn DeepSeek in One Day: From Zero to Technical Practice

👍 Like, your recognition is my motivation for creation!

⭐️ Save, your favor is my direction of effort!

✏️ Comment, your opinions are my wealth for progress!

ENDReview of Previous ArticlesSome images and concepts in the text are sourced from the internet; if there is any infringement, please contact me for removal.

Welcome to follow our public account:Intelligent Operation and Maintenance Fleet, dedicated to sharing knowledge and experience in the fields of digital government and smart cities, focusing on the development of operational capabilities in automation, intelligence, and digitization, providing various technical support services.

Related posts

  1. Will the Model Context Protocol (MCP) Explode Like HTTP?
  2. Performance Evaluation of Go HTTP Frameworks: Fiber vs. Gin vs. Go Standard Library
  3. Efficient HTTP Large Data Requests Using Go Language Streaming Processing
  4. Let Micro:bit Take Over the Egg Experiment
  5. Raspberry Pi | Linux Commands
  6. 9 Tips to Optimize Linux Server Efficiency
  7. Basics of HTTP and Simple Telnet Commands
  8. High-Performance HTTPS Server Optimization and Improvements Based on Hyper with Public Network Access and Multi-Domain Support for HTTP/3 and HTTP/2
  9. Protection Against HTTP Flood Attacks in Web Firewalls
  10. Understanding the Linux Time Command: A Must-Have Skill for Performance Tuning!
  11. Nimbuspwn: Microsoft Discovers Multiple Privilege Escalation Vulnerabilities in Linux Operating System
  12. Comprehensive Guide to Linux Command Delimiters: A Veteran’s Insights on Command Line Mastery
  13. Comprehensive Guide to Linux Compression and Decompression Commands
  14. Unlocking Linux Disk and File System: Enhance Your Data Management!
  15. Why Does HTTPS Return Large Data While HTTP Returns Line by Line?
  16. Detailed Explanation of Linux Boot and Startup Process
  17. A Must-Read for Tech Enthusiasts! Build a Home Server with an Idle Computer and Earn Money

Leave a Comment