Welcome to Centmin Mod Community
Become a Member

SSL Centmin Mod Nginx + SPDY & HTTP/2 SSL Setup Guide

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Oct 17, 2014.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  2. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod Nginx SPDY/3.1 SSL setup

    For Centmin Mod Nginx users wanting to use SSL and serve their web sites via https, check out the following threads and Centmin Mod Nginx SPDY SSL setup guide.
    Domain Validation for SSL certificates

    You'll most likely be using domain validated SSL certificates so will need a working @yourdomain.com email address to verify and prove your domain name ownership at SSL purchase time. So check out Free @yourdomain.com Email Accounts & Alternatives | Centmin Mod Community

    SPDY check

    Test your https:// SSL based domain for SPDY via the following:
    SSL check

    Then test your https:// SSL based domain via these SSL test sites:
    CSR (Certificate Signing Request) Code Checker
    General SSL Info
    Difference between an SSL Wildcard vs standard SSL Certification

    Wildcard SSL Certificate covers all sub-domains of your main domain. If you have multiple sub-domains to secure, then a Wildcard SSL Certificate can save you hundreds or thousands of dollars and save your time for the configure and install process as opposed to buying individual SSL certificates. For example a single Wildcard SSL Certificate for *.yourdomain.com can be used to secure:
    • forum.yourdomain.com
    • blog.yourdomain.com
    • news.yourdomain.com
    • download.yourdomain.com
    • anything.yourdomain.com
    For standard SSL Certificates, for the above 5 listed sub-domains, you would have to purchase and configure and install five separate SSL Certificates - one for each sub-domain.

    Making Centmin Mod Nginx site domain conversion to https SSL a useful exercise

    Thought I'd post this as it's what I am doing with some of my private paying clients who are looking to switch to https SSL. What you do if you're unsure if https SSL conversion is right for your web site is to setup a duplicate test dev copy of your live site on a separate Centmin Mod Nginx setup server or IP address and preview the test copy site domain via local computer hosts file edits.

    For instance on windows pc to preview a test site on different ip, just edit C:\Windows\System32\drivers\etc\hosts with line
    Code:
    newipaddress domain.com www.domain.com subdomain.domain.com
    Then when you go to domain.com in your browser it bypasses your ISP DNS and uses the local hosts file edit to dirct domain.com to newipaddress. You can then setup https SSL as per Nginx HTTPS / SSL Google SPDY configuration on the test dev copy and preview how your site will function under https SSL before doing the same on live production site. You can then use test dev copy for any other testing you like to do in future too as well as serves as a useful exercise in making sure your backup and restore processes are working ;) And also allows you to test https SSL on test dev site without affecting your live production site's rankings or search engine listings.

    Just remember to remove the hosts file edit line once you want to view your live production site ;)

    Sharing your http to https SSL experience and journey

    If you want you can share your own experiences with converting from http to https SSL in the forums at Domains, DNS, Email & SSL Certificates. I have added a prefix tag for SSL for new threads created, so you can also filter on SSL prefix by clicking on it to view only SSL tagged threads - example click here :)

    Additional Notes

    If you rely on using advertising networks like Google Adsense etc, be sure to ask your ad rep whether they support serving ads via https SSL as not all ad networks support https SSL which may cause mixed content errors for visitors to your https SSL enabled site if the ads are served via non-https methods. See article here
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Added a shortcut url to the Centmin Mod SPDY SSL Nginx Guide at centminmod.com/sslconfig so that it's easier to remember :)
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,506
    12,132
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,675
    Local Time:
    12:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Note:
    • For wordpress auto installer, you actually need a read method 2 to enable LETSENCRYPT_DETECT='y' then run centmin.sh menu option 22 which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt ssl certificates for wordpress auto installer
     
Thread Status:
Not open for further replies.