First generate a new CSR openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
DO NOT DELETE THE server.key
FILE
Follow the rest of this guide after activating the csr and recieving the certs from Namechep.
unzip the package from COMODO
unzip STAR_<yourfqdn_here>_com.zip
cat the contents into a .cer file in this order
cat STAR_<yourfqdn_here>_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.cer
If the zip only contains your .crt
and a .ca-bundle
, then do this
cat STAR_<yourfqdn_here>_com.crt STAR_<yourfqdn_here>_com.ca.bundle > bundle.cer
make a new dir for the year and copy the key and cer into it
mkdir /etc/nginx/ssl/2014
cp <yourfqdn_here>.key /etc/nginx/ssl/2014/
cp bundle.cer /etc/nginx/ssl/2014/
make the folder only sys readable
chmod 600 /etc/nginx/ssl/2014
update the nginx config file
vim /etc/nginx/sites-available/<yourfqdn_here>-ssl
add to (or modify) the config file
ssl_certificate /etc/nginx/ssl/2014/bundle.cer;
ssl_certificate_key /etc/nginx/ssl/2014/<yourfqdn_here>.key; # (the .key file is what you generated above)
verify the config is still ok
nginx -t
reload the nginx
sudo service nginx reload
great success