Install A SSL Cert On Amazon Linux

Get Your Certificate Signing Request (CSR)

From Amazon Linux:

cd /etc/ssl
openssl req -new -key vim <domain>.<tld>.key -out <domain>.<tld>.csr

Buy Your Certificate

From purchase a cert for either a wildcard or single-host fully-qualified domain name.  It must match the domain identifier . used when creating your CSR.

You’ll need the contents of the .csr file and private key you created above.

Install Your Certificate

It may take 2-5 business days to get your domain ownership validated and receive your certificate if this is not a renewal.  Check back at to obtain your certificate.    When ready it will bring you to a page showing 3 parts needed to validate the certificate, the Server Certificate, the CA Certificate, and the Root Certificate.

All 3 of these must appear in the crt file you are about to create.   The crt file is known as a “chained certificate” which includes the content of all 3 certificates concatenated in a single file.    The certificates each certify the level above it so you server certificate goes on top, validated by the Certificate Authority (CA) certificate, which is validated by a root certificate.

From Amazon Linux

cd /etc/ssl
vim <domain>.<tld>.crt

Past in the contents of the certificates provided by in the order provided.

You will end up with a file that has 3 begin/end certificate sections.

You can, and should,  delete your .csr file at this point.

Configure NGINX

If you haven’t done so already you’ll need to edit your website configuration at /etc/nginx/sites-available/<domain>.<tld> and create a SSL certificate snippet that tells the web server where to find your SSL certificate for that site.

The snippet  in /etc/nginx/snippets/<domain>.<tld>.conf will look something like this:

ssl_certificate /etc/ssl/<domain>.<tld>.crt;
ssl_certificate_key /etc/ssl/<domain>.<tld>.key;

Your site config file for nginx will be similar to this:

server {
    listen 80;
    listen [::]:80;
    listen 443 http2 ssl; 
    listen [::]:443 http2 ssl;

    server_name <domain>.<tld> *.<domain>.<tld>;

    root /var/www/<domain>;
    access_log /var/log/nginx/<domain>_access.log;
    error_log /var/log/nginx/<domain>_error.log;

    index index.php index.html index.htm;

    include snippets/ssl-<domain>.<tld>.conf;
    include snippets/ssl-params.conf;

    include global/restrictions.conf;
    include global/wordpress.conf;


Restart your nginx server.

service nginx restart ; service php7.0-fpm restart



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.