News
3 new Serverspace GPT API Language Models available now!
Log in Sign up
JH
Joe Harris
November 9 2020
Updated June 20 2025

How to Install SSL Certificate on Nginx Ubuntu 20.04 – Step-by-Step HTTPS Setup

Linux SSL Ubuntu Web server

Using another OS?

Select the desired version or distribution.
Ubuntu 20.04
CentOS 8 Ubuntu 20.04

In order to use the HTTPS protocol on a website, you must obtain the TLS/SSL certificate and configure Nginx. You can get a certificate from a trusted certificate authority for money in a large number of services. The free version is possible thanks to the Let's Encrypt service and is described here in step 3.You also need to perform basic Nginx configuration. If you use self-signed certificates, the browser will display an error when checking security.

Basic SSL configuration

If you have acquired an SSL certificate, it’s important to build the full certificate chain by combining your public key with the intermediate certificates from the certification authorities. This is done by appending the contents of the chain file to the end of your public key file. These files typically use the .pem or .crt formats.

cat cert.pem chain.pem > fullchain.pem

Now copy files to your server. A good choice is to put the private key (.key or .pem) to the /etc/ssl/private/ folder, and the fullchain.pem to the /etc/ssl/certs/.

Now open the configuration file of your virtual host (/etc/nginx/sites-available/domain-name.com) and add the following lines:

server {
listen 443 ssl;
server_name domain-name.com; # Your website's domain name
ssl_certificate /etc/ssl/certs/fullchain.pem; # Path to the full chain of your SSL certificate
ssl_certificate_key /etc/ssl/private/privkey.pem; # Path to the private key of your SSL certificate
}

Don't forget to set the root and index parameters in this section, just like in the HTTP section.
Restart Nginx.

systemctl restart nginx

Now you can check your SSL certificate and configuration using https://www.ssllabs.com/ssltest/ and proceed with settings that do not correspond to class A.

Disabling outdated protocols and enabling priority for server ciphers

Specify the use of TLS versions 1.2 and 1.3 and the priority for server ciphers. Open the /etc/nginx/nginx.conf file and correct or add the following lines in the http section.

http {
...
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
...
}

Restart Nginx.

systemctl restart nginx

Redirecting from HTTP to HTTPS

To configure the site to work only over HTTPS you need to add a redirect with HTTP. Open the configuration file of your virtual host (/etc/nginx/sites-available/domain-name.com), delete the HTTP section:

server {
listen 80;

}

Now add a new one with the following parameters:

server {
listen 80;
server_name domain-name.com; # Your website's domain name
return 301 https://$host$request_uri; # Redirect
}

Now restart Nginx.

systemctl restart nginx

FAQ: SSL Certificate Installation and Configuration on Nginx for Ubuntu 20.04

  • Q: Do I need to buy an SSL certificate to enable HTTPS?
    No, you can get a free SSL certificate from Let’s Encrypt, which is widely supported and described in this guide. Paid certificates from trusted authorities are also an option for additional features or warranties.
  • Q: What is the difference between a self-signed certificate and one from a certificate authority?
    Self-signed certificates encrypt traffic but browsers will show security warnings because they aren’t trusted by default. Certificates from recognized authorities prevent these warnings and ensure visitor trust.
  • Q: Where should I place my SSL certificate and key files on the server?
    Typically, private keys go to /etc/ssl/private/ and certificate chains to /etc/ssl/certs/. Make sure file permissions restrict access to the private key for security.
  • Q: How do I force my website to use HTTPS only?
    Configure Nginx to redirect all HTTP traffic to HTTPS by adding a server block that listens on port 80 and issues a 301 redirect to the HTTPS URL.
  • Q: Which TLS versions should I enable for security?
    Enable TLS 1.2 and TLS 1.3 only, as older versions are considered insecure and vulnerable to attacks.
  • Q: How can I verify if my SSL configuration is correct?
    Use online tools like SSL Labs SSL Test to check your certificate’s validity and overall security rating.
Vote:
4 out of 5
Аverage rating : 4.7
Rated by: 3
33145 North Miami, FL 2520 Coral Way apt 2-135
+1 302 425-97-76
700 300
ITGLOBAL.COM CORP
700 300
Basic SSL configuration
Disabling outdated protocols and enabling priority for server ciphers
Redirecting from HTTP to HTTPS
FAQ SSL Certificate Installation and Configuration on Nginx for Ubuntu 20.04

Thanks! Please indicate the reason for the low rating so that we can improve the article

Feel free to reach out Serverspace team

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.