Configure free SSLNameCheap on LNMP or Nginx

At the end of April, I registered a JunGeHost.com with the discount code for NameCheap and offered a free PositiveSSL for one year. so I used SSL to transmit data more securely. SSL requires an independent IP address, that is, an independent IP address can only correspond to one SSL. (What is SSL ?) I. preparations 1. you need to compile the ssl module by using Nginx (the one-click lnmp installation package has been compiled and installed). If no, re-compile the ssl module.

At the end of April, I registered a JunGeHost.com with the discount code for NameCheap and offered a free year of Positive SSL. so I used SSL to transfer data more securely.

SSL requires an independent IP address, that is, an independent IP address can only correspond to one SSL. (What is SSL ?)

I. preparations

1. the ssl module needs to be compiled by Nginx (the one-click installation package of lnmp has been compiled and installed). If you do not need to re-compile the ssl module, you can refer to Nginx seamless upgrade.

2. then NameCheap has registered/transferred a domain name or purchased a host product, and added free SSL to the shopping cart.

II. use OpenSSL to generate a certificate (note: The blue bold text indicates the command entered during execution !)

1. generate an RSA key

Li88-99 :~ #Cd/usr/local/nginx/conf/
Li88-99:/usr/local/nginx/conf #Openssl genrsa-out jungehost. pem 2048

Generating RSA private key, 2048 bit long modulus
... ++
. ++
E is 65537 (0x10001)

2. generate a certificate request

Li88-99:/usr/local/nginx/conf #Openssl req-new-key jungehost. pem-out jungehost. csr
You are about to be asked to enter information that will be ininitialized
Into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [AU]:CN// Enter the country abbreviation
State or Province Name (full name) [Some-State]:ShanDong// Province/city
Locality Name (eg, city) []: JiNan // city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: JunGe Host // Organization Name or company Name
Organizational Unit Name (eg, section) []: // optional
Common Name (eg, YOUR name) []: jungehost.com // enter the domain Name for which ssl is to be configured, for example, jungehost.com. Note that jungehost.com and www.jungehost.com belong to different domain names.
Email Address []: admin@jungehost.com // enter a mailbox

Please enter the following 'Extra 'attributes
To be sent with your certificate request
A challenge password []: // optional
An optional company name []: // optional

After entering the relevant information according to the preceding annotations, the file jungehost. csr is generated under the Directory and executed.Cat jungehost. csr
Copy all the content starting with ----- begin certificate request ----- to ----- end certificate request. You need to use this jungehost. csr to generate a digital certificate in NameCheap.

Li88-99:/usr/local/nginx/conf #Cat jungehost. csr
----- Begin certificate request -----
MIIBzTCCATYCAQAwgYwxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhTaGFuRG9uZzEO
Bytes
Z2UxEjAQBgNVBAMTCVNoaUp1baBMaTEiMCAGCSqGSIbcDQEJARYTYWRtaW5AanVu
Bytes
2tbvHevVY3fdpdn8ESpSewHC9yc9zVoc0tz9Ww5EfpDV9L222xv/Z8DlDf2pUfIG
X7F15qIQJZ/VCUDNxS5Y7bjNTzduMq8yQnqkB6h/dpnlFTJlDQrAl6vaoOhBcB5L
Bytes
AJxQOaFHra/ILos8 + HO8Wn/2bhfWAUR4ovyRGKMB/n0BQlHPfNhKbILRv9KI5EUL
Dc6HCf3AALetjNiPHrfpJOCj4Ljqchu3WeodthuwRd9hzhZHCf43UiopofbfRzMp
LmAJFuUwN93IgFSrslCh66JaQceNa5x/TQIsmviuKZGC
----- End certificate request -----

III. generate a digital certificate using NameCheap

1. after logging on to NameCheap.com, you will be prompted on the background homepage that you have an inactive SSL authentication product, such:

Click the SSL Certificates Page link above.

2. activate the SSL certificate

Click "Activate Now" to Activate the SSL product.

3. Submit the certificate generated by OpenSSL to the CA.

The Web server software does not have Nginx. only other is selected. enter the csr below and jungehost. the content of the csr, that is, the content that needs to be copied starting with ----- begin certificate request ----- to ----- end certificate request.

4. select the domain name administrator email address. the email address must be able to receive emails. Check whether the information entered during certificate generation is correct.

5. submit the order

Check whether the above information is correct and then click "Submit Order ".

6. email verification

In a few minutes or 10 minutes, you will receive a verification email from Comodo, such:

Click the link above and enter the coupon code above.

Verification completed!

7. a digital certificate sent by Comodo within a few minutes after verification is completed.

IV. set SSL for Nginx virtual host

1. download jungehost_com.zip in the attachment to/usr/local/nginx/conf.

Generally, you can directly use the crt file issued by the certificate issuing authority, such as jungehost_com.crt. However, many certificate issuing authority do not trust the file in the Firefox Chinese version by default. after careful research, finally, we found that we had to put the certificate issuing authority into your crt file. (From: Showfom)

The method is as follows:

Merge PositiveSSLCA. crt (Certificate Authority crt) and jungehost_com.crt (self-domain crt)

Cat jungehost_com.crt> PositiveSSLCA. crt

Mv PositiveSSLCA. crt jungehost_com.crt

You can also directly open it in Notepad and copy all the content in PositiveSSLCA. crt to the bottom of jungehost_com.crt.

2. add SSL to the Nginx virtual host

Server
{
Listen 443;
Server_name jungehost.com www.jungehost.com;
Index index.html index.htm index. php;
Root/home/wwwroot/jungehost;

Ssl on;
Ssl_certificate jungehost_com.crt;
Ssl_certificate_key jungehost. pem;

Location ~ . * \. (Php | php5 )? $
{
Fastcgi_pass unix:/tmp/php-cgi.sock;
Fastcgi_index index. php;
Fastcgi_param HTTPS on;
Fcinclude GI. conf;
}
Access_log off;
}

Modify the above content according to your own configuration and add it to the end of any server {} in nginx. conf.

Run/usr/local/nginx/sbin/nginx-t to check whether the configuration is correct. run kill-HUP 'cat/usr/local/nginx/logs/nginx. pid 'restart.

Li88-99:/usr/local/nginx/conf #/Usr/local/nginx/sbin/nginx-t
The configuration file/usr/local/nginx/conf/nginx. conf syntax is OK
Configuration file/usr/local/nginx/conf/nginx. conf test is successful
Li88-99:/usr/local/nginx/conf #Kill-HUP 'cat/usr/local/nginx/logs/nginx. pid'

V. test

There is no problem accessing the https://jungehost.com/test under Chrome, Firefox, IE7. welcome to the Test feedback.

PS: If you need SSL and do not want to spend too much, you can select NameCheap to register or transfer the domain name to get free SSL. VPS detective will also occasionally update some NameCheap domain name discount codes on the website.

> Reprinted please indicate the source: VPS detective link address: http://www.vpser.net/manage/namecheap-free-ssl-nginx.html