SSL in DigitalOcean

Goto your server and

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr



  1.  Generate Key and CSR file for request certificate in hosting by using command
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ -out /etc/ssl/certs/
  2. Go to control panel which hosting provide SSL and download
  3. Now you will get 2 files are *.key and *.crt
  4. copy file domainName.key to /etc/ssl/private/
  5. copy file domainName.crt to /etc/ssl/certs/ 
  6. modify file default in sudo nano /etc/nginx/sites-available/default as bellow

server {

        listen 80 default_server;

        listen [::]:80 default_server;

        # SSL configuration


        listen 443 ssl http2 default_server;

        listen [::]:443 ssl http2 default_server;


        # Note: You should disable gzip for SSL traffic.

        # See:


        # Read up on ssl_ciphers to ensure a secure configuration.

        # See:


        # Self signed certs generated by the ssl-cert package

        # Don’t use them in a production server!


        # include snippets/snakeoil.conf;

        root /var/www/landing-page;

        # Add index.php to the list if you are using PHP

        index index.html index.htm index.nginx-debian.html;


        #ssl on;

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers         “HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES”;

        ssl_certificate     /etc/ssl/certs/;

        ssl_certificate_key /etc/ssl/private/;

        location / {

                # First attempt to serve request as file, then

                # as directory, then fall back to displaying a 404.

                try_files $uri $uri/ =404;




server {

       listen         80;


       return         301 https://$server_name$request_uri;




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s