
How to Install Free SSL Certificate on Nginx/HTTPD (Multi-Domain SAN Guide)

How to Install Free SSL Certificate on Nginx/Apache (HTTPD)

Summary: Install Free SSL Certificate on Nginx/HTTPD using OpenSSL and Let’s Encrypt




🧠 Introduction to HTTPS & Free SSL Certificate

HTTPS (HyperText Transfer Protocol Secure) is HTTP carried over SSL/TLS: the protocol encrypts data exchanged between a browser and a server, and the server's certificate lets the browser verify which site it is talking to. This ensures:

  • Data privacy
  • Authentication
  • Trust for visitors

Google even prioritizes HTTPS-enabled websites in search results. If you’re hosting a website without SSL, you’re missing out on both security and SEO benefits.



✅ Benefits of Using Free SSL Certificates

  • 💸 100% Free via providers like Let’s Encrypt
  • 🔐 Secure communication
  • 🌍 Multi-domain support using SAN (Subject Alternative Name)
  • ♻️ Auto-renewable every 90 days
  • 🧠 Learning opportunity for DevOps & SRE professionals

⚙️ Step-by-Step: Installing Free SSL Certificate on Nginx/Apache


1. Install Required Tools

Install OpenSSL and Certbot:

Ubuntu/Debian:

sudo apt update
sudo apt install openssl certbot python3-certbot-nginx -y

RHEL/CentOS:

sudo yum install openssl mod_ssl epel-release -y
sudo yum install certbot python3-certbot-apache -y

2. Create OpenSSL Config with SAN Support

Create a file called openssl.cnf with SAN entries.

[ req ]
default_bits       = 2048
prompt             = no
default_md         = sha256
req_extensions     = req_ext
distinguished_name = dn

[ dn ]
C = US
ST = California
L = San Francisco
O = CICD Trail
OU = DevOps
CN = example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = api.example.com

3. Generate Private Key & CSR with SAN

openssl req -new -nodes -out example.csr -newkey rsa:2048 -keyout example.key -config openssl.cnf

This will create:

  • example.csr – Certificate Signing Request
  • example.key – Private key (stored unencrypted because of -nodes, so keep it readable only by root)

4. Get Free SSL Certificate from Let’s Encrypt

For Nginx:

sudo certbot --nginx -d example.com -d www.example.com -d api.example.com

For Apache (HTTPD):

sudo certbot --apache -d example.com -d www.example.com -d api.example.com

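Certbot will auto-configure your server in most cases. Note that with these commands Certbot generates its own private key and CSR, so the example.key and example.csr from step 3 are not what gets submitted to Let’s Encrypt. They are only needed if you want to supply your own CSR, which Certbot's certonly subcommand accepts via its --csr option.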


5. Configure Nginx or Apache for free SSL certificate

🔹 Nginx Example:

server {
    listen 443 ssl;
    server_name example.com www.example.com api.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
    }
}

🔹 Apache Example:

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com api.example.com

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

  DocumentRoot /var/www/html
</VirtualHost>

6. Test SSL Configuration

Use these tools:

  • SSL Labs Test
  • curl -Iv https://example.com
  • openssl s_client -connect example.com:443

🔁 Bonus Tips: Auto-Renew & Hardening SSL

Auto-Renewal:

sudo crontab -e
# Add this line
0 0 * * * /usr/bin/certbot renew --quiet

SSL Hardening:

  • Disable weak protocols: TLSv1, TLSv1.1
  • Use modern ciphers
  • Implement HSTS headers

Refer: Mozilla SSL Config Generator
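The three hardening points above, applied to the Nginx server block from step 5. This is an added example, not configuration from the original guide; the cipher list, session settings and the one-year HSTS max-age are assumptions to adjust for your clients.

```nginx
# Port 80: redirect all plain-HTTP requests to HTTPS.
server {
    listen 80;
    server_name example.com www.example.com api.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com api.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Weak setting to avoid:  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Hardened: TLSv1 and TLSv1.1 are disabled by leaving them out.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Modern ciphers: ECDHE key exchange (forward secrecy) with AEAD modes.
    # This list governs TLS 1.2; TLS 1.3 suites come from the OpenSSL defaults.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Session reuse without long-lived ticket keys (assumed values).
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # HSTS: browsers refuse plain HTTP for this host for max-age seconds.
    # "always" sends the header on error responses too. Start with a short
    # max-age while testing, because browsers cache the policy.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://localhost:3000;
    }
}
```

Run nginx -t before reloading. If Certbot already added an include of its own TLS options file to this server block, repeating directives such as ssl_protocols will be reported as duplicates, so keep only one source for them.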


🛠️ Troubleshooting Common Issues

| Problem | Fix |
|---|---|
| Port 443 not open | Open it via firewall (e.g. ufw allow 443) |
| Certbot not found | Install latest version using snap or package manager |
| Invalid domain | Ensure DNS A record is pointing correctly |
| Nginx/Apache not reloading | Check config using nginx -t or apachectl configtest |


✅ Conclusion & Final Thoughts

Installing a SAN-enabled free SSL certificate on Nginx or Apache is now easier than ever. By securing your websites with HTTPS, you not only boost user trust but also improve search engine rankings.

Whether you’re a beginner or an advanced DevOps engineer, this guide equips you with everything you need to get started securely and confidently.



team_cicdtrail
