SSL Where do you suggest getting a SSL Certificate

As per the title. Also how would a person add this to a non-vHost site?

---

Thanks,
Itworx4me

 

I currently have a nginx vhost site that doesn’t have a ssl. I am looking to add this to the current vhost site. Where do you suggest getting a ssl and how would you go about adding it to the vhost site?

 

Should I be following self signed SSL certificate or Letsencrypt? I am confused as to what each does.

Thanks,
Itworx4me

 

Is one better than the other?

 

When I get to the end of step 6 I get this error:

Code:

 nprestart
Restarting nginx (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
                                                           [FAILED]
Gracefully shutting down php-fpm . done
Starting php-fpm  done

Any ideas? Whatever happened took down my site....

 

Code (Text):

nginx: [emerg] access_log "/home/nginx/domains/domain.com/log/access.log" already defined with conflicting parameters in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:52
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

 

Code (Text):

/usr/local/nginx/conf/conf.d/demodomain.com.conf:            access_log /home/nginx/domains/demodomain.com/log/access.log ;
/usr/local/nginx/conf/conf.d/virtual.conf:        access_log              /var/log/nginx/localhost.access.log     combined buffer=8k flush=1m;
/usr/local/nginx/conf/conf.d/virtual.conf:        access_log   off;
/usr/local/nginx/conf/conf.d/domain2.com.conf:  access_log /home/nginx/domains/domain2.com/log/access.log main_ext buffer=256k flush=60m;
/usr/local/nginx/conf/conf.d/domain.com.conf:  access_log /home/nginx/domains/domain.com/log/access.log main_ext buffer=256k flush=60m;
/usr/local/nginx/conf/conf.d/domain.com.ssl.conf:  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;

 

Thank you @eva2000 for helping me get this fixed. Onto step 7

 

Another issue @eva2000 . When I use this command:

Code (Text):

mv /usr/local/nginx/conf/conf.d/newdomain.com.conf /usr/local/nginx/conf/conf.d/newdomain.com.conf-disabled

It takes my site down completely. Any ideas? I had to reverse this in order to get my site back up.

Thanks,
Itworx4me

 

Yes I followed your steps to a tee. Here is my ssl.conf file.

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name domain.com www.domain.com;
    return 302 https://domain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name domain.com www.domain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

location / {
     index index.php index.html index.htm;
     try_files $uri $uri/ /index.php?$uri&$args;
}

location /admin.php {
     auth_basic "Private";
     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        include /usr/local/nginx/conf/php.conf;
        allow ;
        allow ;
        deny all;
}

location /install/data/ {
     internal;
}

location /install/templates/ {
     internal;
}

location /internal_data/ {
     internal;
}

# xenforo 2 uncomment / remove hash from next 3 lines
location /src/ {
     internal;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  #include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

 

Code (Text):

HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Oct 2018 21:49:22 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d60f7424d7ffed9473ba89aa592f690931540158562; expires=Mon, 21-Oct-19 21:49:22 GMT; path=/; domain=.domain.com; HttpOnly
Location: https://domain.com/
X-Powered-By: centminmod
Server: cloudflare
CF-RAY: 46d6ef06269ab9be-ATL

Code (Text):

HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Oct 2018 21:51:25 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d5f0b57e7f00c4cf16404269ed6de255a1540158685; expires=Mon, 21-Oct-19 21:51:25 GMT; path=/; domain=.domain.com; HttpOnly
Location: https://domain.com/
X-Powered-By: centminmod
Server: cloudflare
CF-RAY: 46d6f205d1315e82-TPA

Code (Text):

HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Oct 2018 21:52:35 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=ddebae70f659d7f12cec14b4ee4f611a91540158755; expires=Mon, 21-Oct-19 21:52:35 GMT; path=/; domain=.domain.com; HttpOnly
Location: https://domain.com/
X-Powered-By: centminmod
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 46d6f3bfaf8e5e70-TPA

Code (Text):

HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Oct 2018 21:53:47 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d50457230c8c107c1dc144c9b52c3e5511540158827; expires=Mon, 21-Oct-19 21:53:47 GMT; path=/; domain=.domain.com; HttpOnly
Location: https://domain.com/
X-Powered-By: centminmod
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 46d6f57f4c5b5e6a-TPA