Getting HTTPS on a domain from Namecheap with Ubuntu and nginx
This tutorial assumes you already have an HTTP server running with a working nginx config (the domain does not need to be configured yet).
->go to your VPS server and create a new key and CSR (certificate signing request) file with:
$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain_tld.key -out yourdomain_tld.csr
Give the following values when it asks:
->Country like FI
->State province
->Locality
->Org = NA
->Org Unit = NA
->Common Name = PUT YOUR DOMAIN NAME here, like google.com
-> email = REAL EMAIL HERE
->don't set any passwords (leave the challenge password empty)
->copy that key file (yourdomain_tld.key) to /etc/ssl/ for future use
$ cat yourdomain_tld.csr
->now copy the output into Namecheap: in the sidebar, under "Domain List", the "SSL Certificates" tab has a configuration form where the CSR goes.
->after that go to Domain List -> Details -> SSL and find the link for getting a CNAME record.
->click the down arrow on EDIT METHODS -> Get Record.
->copy the host value WITHOUT YOUR DOMAIN NAME AT THE END. Paste it as the host of a new CNAME record (in your domain's Advanced DNS records).
->copy the other value below it in full and paste it as the value of that new CNAME record.
->while you are there, create a new A record with host "@" and your server IP as the value, and another A record with host "www" and the same IP as the value.
->go back to the page where you copied the records
->click EDIT METHODS now and save
->wait a little for the CNAME to update (15 min max)
->go to sidebar "SSL CERTIFICATES" and download zip file for your domain
->in a terminal, go to your downloads folder and use this to send the zip to the VPS:
$ scp folder_name.zip your_vps_user_name@your_vps_ip_address:/path/to/home/
->now you should have the zip in your server's home folder.
->unzip it.
WHEN DOWNLOADED FROM NAMECHEAP LIKE WE DID:
use this to make the your_domain_chain.crt file (replace your_domain with your own, for clarity). The echo in the middle inserts a line break between the certificate and the CA bundle:
$ cat your_domain.crt > your_domain_chain.crt ; echo >> your_domain_chain.crt ; cat your_domain.ca-bundle >> your_domain_chain.crt
If you downloaded the zip from the email instead, use (I know this is ridiculous):
$ cat your_domain.crt your_domain.ca-bundle > your_domain_chain.crt
->now move that your_domain_chain.crt file to the /etc/ssl/ directory for future use, just like the key file in the beginning
->make a new file "your_domain-ssl.conf" in /etc/nginx/conf.d/ directory and add the following:
# this routes all the http->https
server {
    listen 80;
    server_name your_domain;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name your_domain;
    ssl_certificate /etc/ssl/your_domain_chain.crt;
    ssl_certificate_key /etc/ssl/yourdomain_tld.key;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        #example port - change to where your app runs
        proxy_pass http://127.0.0.1:8001;
        proxy_redirect off;
    }
}
Change your_domain there to your domain and change proxy_pass to where your app is running. ssl_certificate should be the your_domain_chain.crt file, and ssl_certificate_key should be the key made with openssl in the beginning. Then reload nginx:
$ sudo nginx -s reload
that should be it now, pheww.
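Added example (not part of the original tutorial): a small shell preflight to run on the key and chain file before the reload. It catches the fused certificate boundary that the "echo >>" step works around, a private key that other users can access, and a key that does not belong to the certificate. The function names are hypothetical, and the last check assumes openssl is on the PATH.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial. Function names are made up.

# Chain file: every PEM boundary on its own line, at least 2 certificates
# (leaf + CA bundle). Joining files that lack a trailing newline fuses
# "-----END CERTIFICATE-----" with the next "-----BEGIN CERTIFICATE-----".
check_chain() {
    local chain="$1" begins ends
    if grep -q -- '-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----' "$chain"; then
        echo "$chain: fused PEM boundary (missing newline between certificates)" >&2
        return 1
    fi
    begins=$(tr -d '\r' < "$chain" | grep -c -- '^-----BEGIN CERTIFICATE-----$' || true)
    ends=$(tr -d '\r' < "$chain" | grep -c -- '^-----END CERTIFICATE-----$' || true)
    if [ "$begins" -ne "$ends" ] || [ "$begins" -lt 2 ]; then
        echo "$chain: $begins BEGIN / $ends END lines, want >= 2 matching pairs" >&2
        return 1
    fi
}

# Private key: no access for group or others (mode 600 or 400).
check_key_perms() {
    local perms
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$1: accessible beyond its owner, fix with: chmod 600 $1" >&2
        return 1
    fi
}

# The first certificate in the chain (the leaf) must contain the public key
# of the private key that was generated together with the CSR.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Usage: preflight KEY_FILE CHAIN_FILE
preflight() {
    check_key_perms "$1" && check_chain "$2" && key_matches_cert "$1" "$2" &&
        echo "key and chain look consistent"
}

if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

Saved under a name of your choice, it takes the key path and the chain path as its two arguments; running `sudo nginx -t` afterwards has nginx validate the configuration file itself before the reload.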