The steps to replace the Nginx SSL certificate are as follows:
- Get a new certificate
You first need to obtain a new SSL certificate, which you can buy from a certificate authority (CA) or use a self-signed certificate. When obtaining a certificate, you need to obtain a certificate file and a key file.
- backup old certificate
Before replacing the certificate, you need to back up the old certificate. You can copy both the old certificate file and key file to a new directory.
- Configure Nginx
The next step in replacing the certificate is to update the SSL configuration in the Nginx configuration file. Usually, Nginx's SSL configuration is located in nginx.conf
the file . Open the file and find the server
configuration block.
In this configuration block, update the path to the SSL certificate and the path to the key. For example, if your new certificate and key files are located in /etc/nginx/ssl/
the directory , you can add the following line to server
the configuration block:
ssl_certificate /etc/nginx/ssl/new_cert.crt;
ssl_certificate_key /etc/nginx/ssl/new_cert.key;
Also, if your old certificate has not expired, you can comment it out or delete it. For example, if your old certificate and key files are located at/etc/nginx/ssl/
directory, the following lines can be commented out:
#ssl_certificate /etc/nginx/ssl/old_cert.crt;
#ssl_certificate_key /etc/nginx/ssl/old_cert.key;
- Restart Nginx
After updating the configuration, Nginx needs to be restarted for the changes to take effect. Nginx can be restarted with the following command:
sudo systemctl restart nginx
This completes the replacement of the Nginx SSL certificate.