Discover Centmin Mod today
Register Now

SSL How switch to SSL on centminmod/nginx

Discussion in 'Domains, DNS, Email & SSL Certificates' started by negative, Jan 12, 2017.

  1. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    10:45 AM
    1.9.10
    10.1.11
    Hello

    My website working on nginx but i m confused how can i switch to SSL because of when i first install the domain, i said "no" for use SSL/create self-signed certificates questions.

    So, i check the nginx/conf/ssl directory now and i don't see anything. Should i create the same domain again via #2 option on centmin ? I worry because it may crash the working website and all customized settings will be gone.

    So, what is the easy way to switch current domain to paid SSL certificate?

    BTW, I will buy a paid SSL certificate (RapidSSL) but provider asks CSR Code before buy the certificate ? How can i create that

    Or, can you advice the use Cloudflare Dedicated SSL (5$/monthly) as easiest way to use HTTPS ?

    Thanks.
     
    Last edited: Jan 12, 2017
  2. eva2000

    eva2000 Administrator Staff Member

    31,022
    6,925
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,431
    Local Time:
    6:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates for existing non-HTTPS Nginx vhost sites migration to HTTPS as outlined at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates

    Or yes Cloudflare SSL certs is another
     
  3. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    10:45 AM
    1.9.10
    10.1.11
    And i understand that in my researches, while i continue to use cloudflare as dns and cdn provider it doesn't support custom ssl certificates except min. business plan. So, i don't want to switch business plan(200$/monthly)

    If i buy a paid ssl certificate and install to server, cloudflare still encrypts the connection itself, it doesn't use my main certificate to show visitors.

    I will do that just for SEO advantages, so what is your advice ?

    If i continue on cloudflare, dedicated ssl solution (5$/monthly) looks fine for now. And i will not need to buy paid certificate and install processes on server, isn't it ? @eva2000

    Thanks
     
  4. eva2000

    eva2000 Administrator Staff Member

    31,022
    6,925
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,431
    Local Time:
    6:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    no seo advantages to take of ssl cert used and what name is on it as long as it's valid for your domain

    $5/month dedicated cloudflare ssl cert is enough and no ssl https vhost on local server is needed afaik. I don't use dedicated cloudflare ssl cert myself.
     
  5. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    12:45 AM
    Nginx 1.13.x
    MariaDB 10.1.x
    If you are on Centminmod 123.09beta01 and you already have the non-SSL vhost on your server, I have been using: Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS (given that you would like to use a free LetsEncrypt certificate).

    Just fill in your domain, select yes, choose your vhost type and press submit.
    Follow through the steps for the LetsEncrypt option (not self-signed).

    After setting this up, you can even follow the steps at: Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS
    to force HTTPS.
     
    • Like Like x 1
  6. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    10:45 AM
    1.9.10
    10.1.11
    I have choice the cloudflare Flexible SSL with dedicated certify solution and everything was easiest. I just order a edge dedicated certify and create a page rule that force use https. No other configuration on cloudflare or server side. website works under https perfect now.

    Only problem is 5$/monthly :)
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    31,022
    6,925
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,431
    Local Time:
    6:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    nice for some that is fine if 5x12 = $60/yr is ok for them :)