I assume you have already generated a private key (e.g. xxxx.com.private.key) and a CSR, and submitted the CSR file to GoDaddy. Now you just want to download and install the SSL certificate.
- There are many web server types to choose from. Just pick Apache.
- Download the 2 files to a local folder (e.g. /etc/nginx/ssl):
  - Your SSL certificate, with a random name (e.g. c87b9chf834hts.crt)
  - The GoDaddy intermediate certificate bundle (gd_bundle-g2-g1.crt)
- Create a single chained certificate file by concatenating the 2 files, your certificate first:

    cat c87b9chf834hts.crt gd_bundle-g2-g1.crt > xxxx.com.chained.crt

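Before pointing a server at these files it is worth checking them. The script below is an added example, not part of the original post: it checks that the chained file holds at least two cleanly separated certificates (a certificate file without a trailing newline makes cat fuse the END and BEGIN markers), that the private key is accessible to its owner only, and that the key matches the first certificate in the file. The function names are made up for illustration, the demo files are constructed placeholders, and the key check assumes the openssl CLI is installed.

```shell
# Added example (not from the original post): checks for the chained file and key.

# A chained file needs >= 2 well-delimited PEM certificates (leaf + intermediates).
check_chain_file() {
    # If the leaf file lacks a trailing newline, cat fuses END and BEGIN on one line.
    if grep -q -e '-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----' "$1"; then
        echo "FAIL: $1: END/BEGIN markers fused on one line" >&2; return 1
    fi
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$1" || true)
    if [ "$begins" -ne "$ends" ] || [ "$begins" -lt 2 ]; then
        echo "FAIL: $1: $begins BEGIN / $ends END markers" >&2; return 1
    fi
    echo "OK: $1 holds $begins certificates"
}

# The private key should be accessible to its owner only (e.g. chmod 600).
check_key_perms() {
    mode=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    if [ "$mode" != "------" ]; then
        echo "FAIL: $1 is accessible to group/other ($mode)" >&2; return 1
    fi
    echo "OK: $1 is owner-only"
}

# The leaf (first certificate in the file) must carry the private key's public half.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# All three checks: check_all CHAINED.crt PRIVATE.key
check_all() { check_chain_file "$1" && check_key_perms "$2" && key_matches_cert "$1" "$2"; }

# Demo on constructed placeholder files (marker lines only, not real certificates).
demo() {
    d=$(mktemp -d)
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' LEAF '-----END CERTIFICATE-----' > "$d/leaf.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' INTERMEDIATE '-----END CERTIFICATE-----' > "$d/bundle.crt"
    cat "$d/leaf.crt" "$d/bundle.crt" > "$d/fused.crt"      # the failure mode
    check_chain_file "$d/fused.crt" || echo "fused file rejected, as expected"
    { cat "$d/leaf.crt"; echo; cat "$d/bundle.crt"; } > "$d/chained.crt"
    check_chain_file "$d/chained.crt"
    rm -rf "$d"
}

# With two arguments check real files; with none, run the demo.
if [ "$#" -eq 2 ]; then check_all "$1" "$2"; else demo; fi
```
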
Nginx
Open your Nginx configuration file (e.g. sudo subl /etc/nginx/sites-available/default):

    server {
        ...
        # The ssl parameter on listen replaces the "ssl on;" directive,
        # which is deprecated since nginx 1.15.0 and removed in 1.25.1.
        listen 443 ssl;
        server_name xxxx.com;

        ssl_certificate /etc/nginx/ssl/xxxx.com.chained.crt;
        ssl_certificate_key /etc/nginx/ssl/xxxx.com.private.key;
        ...
    }

Verify and test the modified configuration file:

    $ sudo nginx -t

Restart Nginx:

    $ sudo systemctl restart nginx

You can test the connection with a browser, or with openssl for more verbose output:

    $ openssl s_client -connect localhost:443

Node.JS

    var express = require('express'),
        app = express(),
        port = process.env.PORT || 8080;

    var fs = require('fs');

    // Private key and chained certificate (your certificate followed by the GoDaddy bundle)
    var options = {
        key: fs.readFileSync('/etc/ssl/xxxx.com.private.key'),
        cert: fs.readFileSync('/etc/ssl/xxxx.com.chained.crt')
    };

    var https = require('https');

    // ...

    // Serve the Express app over HTTPS
    var serv = https.createServer(options, app);
    serv.listen(port);

Tips:
- Make sure your cloud provider (AWS or Azure) allows inbound traffic on port 443. Otherwise, you get a connection timeout.
- By default, ufw is disabled. Leave it disabled until you need it. You can check the status with “sudo ufw status verbose”; it should say “inactive”.
Reference
https://contextneutral.com/story/creating-an-https-server-with-nodejs-and-express