
How to Use ssl_certificate Directive in Nginx for HTTPS

Use the ssl_certificate directive in the Nginx server block to specify the path to your SSL certificate file. Pair it with ssl_certificate_key to set the private key file, enabling HTTPS for your site.

Syntax

The ssl_certificate directive sets the path to the SSL certificate file used by Nginx for HTTPS connections. It must be used inside a server block that listens on port 443. The ssl_certificate_key directive specifies the private key file matching the certificate.

Both files are usually in PEM format and must be readable by Nginx.

nginx
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private.key;

Example

This example shows a minimal Nginx server block configured to serve HTTPS using ssl_certificate and ssl_certificate_key. It listens on port 443 and enables SSL.

nginx
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    location / {
        root /var/www/html;
        index index.html;
    }
}
Output
Nginx starts and serves HTTPS requests on https://example.com using the specified certificate and key.

Common Pitfalls

  • Using incorrect file paths for the certificate or key causes Nginx to fail to start.
  • Mixing up the certificate and key files leads to SSL errors.
  • Omitting ssl from the listen directive (listen 443; instead of listen 443 ssl;) leaves SSL disabled on the server block.
  • Permissions on certificate or key files must allow Nginx to read them.
  • Using a certificate without the full chain (intermediate certificates) can cause browser trust errors.
nginx
## Wrong way (ssl parameter missing from listen):
server {
    listen 443;
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;
}

## Right way:
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;
}
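
The file-level pitfalls above (swapped certificate and key, a certificate file without intermediates, key-file permissions) can be checked before reloading Nginx. The following Python check is an added example, not part of the original page; the names `preflight`, `pem_labels`, `pem_block` and `demo` are hypothetical, the sample files are constructed placeholders, and it inspects PEM labels and file modes only (it does not verify that the key matches the certificate).

```python
import re
import stat
import tempfile
from pathlib import Path

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(path):
    """Return the PEM block labels found in a file, in order."""
    return PEM_LABEL.findall(Path(path).read_text(encoding="ascii", errors="replace"))

def preflight(cert_path, key_path):
    """Return findings for one ssl_certificate / ssl_certificate_key pair."""
    missing = [f"{p}: file not found" for p in (cert_path, key_path)
               if not Path(p).is_file()]
    if missing:
        return missing
    findings = []
    cert_labels, key_labels = pem_labels(cert_path), pem_labels(key_path)
    if any(lbl.endswith("PRIVATE KEY") for lbl in cert_labels):
        findings.append("ssl_certificate holds a private key (files swapped?)")
    if not any(lbl.endswith("PRIVATE KEY") for lbl in key_labels):
        findings.append("ssl_certificate_key has no PRIVATE KEY block")
    n_certs = cert_labels.count("CERTIFICATE")
    if n_certs == 0:
        findings.append("ssl_certificate has no CERTIFICATE block")
    elif n_certs == 1:
        findings.append("ssl_certificate has one certificate; intermediates may be missing")
    mode = stat.S_IMODE(Path(key_path).stat().st_mode)
    if mode & stat.S_IRWXO:  # any read/write/execute bit for "other"
        findings.append(f"ssl_certificate_key mode {mode:03o} is accessible to other users")
    return findings

def pem_block(label):
    # Constructed placeholder block: only the label matters to this check.
    return f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"

def demo():
    """Run the check on constructed files: leaf-only cert, world-readable key."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = Path(d, "example.com.crt"), Path(d, "example.com.key")
        cert.write_text(pem_block("CERTIFICATE"))
        key.write_text(pem_block("PRIVATE KEY"))
        key.chmod(0o644)
        return preflight(cert, key)

if __name__ == "__main__":
    print("\n".join(demo()))
```

When intermediates are included, Nginx expects the server certificate first in the ssl_certificate file, followed by the intermediate certificates.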

Quick Reference

| Directive | Purpose | Example |
|---|---|---|
| ssl_certificate | Path to SSL certificate file | /etc/ssl/certs/example.com.crt |
| ssl_certificate_key | Path to private key file | /etc/ssl/private/example.com.key |
| listen | Port and SSL enablement | listen 443 ssl; |
| server_name | Domain name served | server_name example.com; |

Key Takeaways

  • Always specify both ssl_certificate and ssl_certificate_key inside a server block listening on 443 with ssl enabled.
  • Ensure file paths are correct and files are readable by Nginx to avoid startup errors.
  • Use full certificate chains to prevent browser trust issues.
  • The listen directive must include ssl for HTTPS to work.
  • Check permissions and ownership of certificate and key files for security and access.