This post will explain the process of setting up your nginx-powered site to used namecheap’s comodo positivessl certificate.
Navigate to a safe location where your nginx.conf file is able to reference the to-be-generated ssl key.
Generate your site’s key in the safe location
openssl req -nodes -newkey rsa:2048 -keyout mydomain_com.key -out mydomain_com.csr
You will be prompted to enter some information. Do make sure to fill out this important information.
Skip entering a ‘challenge password’, as it does not add to security.
Navigate to ‘Manage Domains’ and select your domain that will require the ssl certificate.
Ensure that the namecheap dns servers are used or else your choice of forwarding email address can not be used to verify the confirmation email. You can tell if you are using another dns if you can see ‘Transfer DNS back’ on the left sidebar (do select that option if you see it).
Now for the ssl configuration
For the server, choose ‘apache2’ and then enter the contents of your ‘mydomain_com.csr’ into the textarea.
On the second page, the confirmation email is required to confirm a ssl issuance.
Do this by setting up the forwarding email that you can access
Navigate to ‘Email Forwarding Setup’ and change ‘USER NAME’ to ‘admin’
As for the forward email, try to not use a gmail account as I found out that there were some problems receiving emails.
Fill in the ‘administrator’ account information if not complete.
A Comodo security services email will be delivered shortly to your ‘ForwardedTo’ email account. Once you receive that, confirm with the link by the validation code that was sent in that email.
The zip file containing your certificates will go to your ‘administrator’ account, the account that you sign up with namecheap. Note that the ‘ForwardedTo’ may not be the same as your ‘administrator’ account email, if you configured it that way.
Unzip the file to a temp directory and combine the three files into one. The order is important.
cat MyDomain_com.crt COMODORSADomainValidationSecureServerCA.crt \
Copy or move the ‘comodo-certs.combined’ file to the same folder as your ‘mydomain_com.key’ file.
Add or modify the following in your nginx.conf file
The first server block will redirect all variants of non-secured versions of your site to the secured version.
All the following
will be redirected to
Now to test the changes made to nginx by
sudo service nginx configtest
Finally, start or restart your nginx server to apply the changes.
sudo service nginx reload