Installing SSL Certificate

To run the application on https, an SSL certificate is required. After spending a considerable amount of time researching SSL certificate providers, we recommend using Network Solutions as a respectable and reasonably priced SSL service.

Prior to procuring an SSL Certificate, you will need a certificate key for the server. Connect to the server with SSH connection script.

~/connect_ssh

Once logged in, generate a certificate key.

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Enter the requested information, for FQDN use the full URL, for example code.linedrop.io.

Two files will be generated: the key file is for the server and the crs file is to generate the certificate. This way the certificate ensures the authenticity of the server it is tied to.

Move the key and csr file to /etc/ssl.

sudo mv server.key /etc/ssl/

sudo mv server.csr /etc/ssl/

Ordering SSL Certificate

Browse to the Network Solutions website.

Choose Xpress (Domain Validation). You can always upgrade later if you need to.

Purchase the certificate.

Grab a coffee and then check your email for the order configuration.

Once you receive the confirmation, log in to your Network Solutions account.

Generating Certificate

On the top right, click on your name and select Manage Account.

Scroll down to Complete Your Setup… and click Go to open the SSL Control Panel window.

Click Provide Domain.

Enter domain name. For example, linedrop.io.

Click Continue and wait for the next step.

Under Web Host’s Server Software, select Nginx.

Open Terminal on your machine and log in to your server using the login script.

~/connect_ssh

View the content of the server.csr file.

cat /etc/ssl/server.csr

Select and copy the contents of the file from beginning to the end.

Paste the contents into the Network Solutions SSL Control Panel window in the Enter CSR From Web Host field.

Click Continue.

Select an valid email address from the provided list. If you do not have any of those, please create an admin alias for your email address on G Suite. To add a G Suite subscription to your domain, please visit Google Support.

Click Submit.

Check your gmail and open an email from Network Solutions with Domain Control Validation in the subject line; click on the provided link.

Verify that the validation code has been populated into the Enter Code field and click Submit.

Grab another cup of coffee and then check your gmail for the certificate.

Creating a Chained Certificate

Some services, such as Facebook, require your certificate to include all intermediate files. Please follow the instructions to download and combine all files into a single chained certificate.

Once you receive the validation email, login into your Network Solutions account and select My Security Products.

Click on the certificate, then click on the certificate once again to open the portal window.

Download the SSL archive and the CA Bundle. You will need both to create a chained certificate.

  • Click Download SSL. Click Download once more. Save the archive. Uncompress the archive and save DOMAIN.crt file to the deployment directory.
  • Click Download CA Bundle. Click Download once more. Save the certificate bundle dv_chain.txt to the deployment directory.

Open dv_chain.txt in a text editor. Copy the contents of the file.

Open DOMAIN.crt file in a text editor. Scroll down to the end of the file and press the Enter key to start a new line. Paste the contents of the dv-chain.txt file. The line break should look like this:

Save the resulting content as DOMAIN.chained.crt. For example, LINEDROP.IO.chained.crt.

Uploading Certificate

Connect to the server with the SFTP connection script.

~/connect_sftp

Once connected, upload the crt file. The file will be saved on the server in the user home directory.

put DOMAIN.chained.crt

For example, put LINEDROP.IO.chained.crt.

Exit SFTP session.

exit

Connect with the SSH connection script.

~/connect_ssh

Move the chained certificate file to /etc/ssl.

sudo mv *.crt /etc/ssl/

Exit the SSH session.

exit


Next: Configuring Nginx