nginx SSL/HTTPS Command Reference - Nginx

Syntax

listen 443 ssl; ssl_certificate path; ssl_certificate_key path;

Parameters

Parameters	Description	Examples	Level
`ssl_certificate`		`ssl_certificate /etc/ssl/cert.pem;`	Common
`ssl_certificate_key`		`ssl_certificate_key /etc/ssl/key.pem;`	Common
`ssl_protocols`	TLS	`ssl_protocols TLSv1.2 TLSv1.3;`	Common
`ssl_ciphers`		`ssl_ciphers HIGH:!aNULL:!MD5;`	Advanced
`ssl_session_cache`	SSL	`ssl_session_cache shared:SSL:10m;`	Advanced

Examples

HTTPS

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    root /var/www/html;
}

Let's Encrypt

# certbot
sudo apt install certbot python3-certbot-nginx
# sudo certbot --nginx -d example.com
# (crontab)
0 0 1 * * certbot renew --quiet

certbot Nginx

HTTP/2 + HSTS

server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate ...;
    ssl_certificate_key ...;
    add_header Strict-Transport-Security "max-age=31536000" always;
}

HTTP/2 and HSTS

HTTP HTTPS

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

HTTPS server

Common Errors

SSL: error:0B080074:x509 certificate routines, fullchain.pem()

ERR_SSL_PROTOCOL_ERRORssl_protocols, TLS

Tips

Let's Encrypt, certbot
TLSv1.2 and TLSv1.3,
HSTS HTTPS

nginx SSL/HTTPS

Syntax

Parameters

Examples

HTTPS

Let's Encrypt

HTTP/2 + HSTS

HTTP HTTPS

Common Errors

Tips

Related Commands