To run the application on https, an SSL certificate is required. After spending a considerable amount of time researching SSL certificate providers, we recommend using Network Solutions as a respectable and reasonably priced SSL service.
Prior to procuring an SSL Certificate, you will need a certificate key for the server. Connect to the server with SSH connection script.
Once logged in, generate a certificate key.
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Enter the requested information, for FQDN use the full URL, for example code.linedrop.io.
Two files will be generated: the key file is for the server and the crs file is to generate the certificate. This way the certificate ensures the authenticity of the server it is tied to.
Move the key and csr file to /etc/ssl.
sudo mv server.key /etc/ssl/
sudo mv server.csr /etc/ssl/
Browse to the Network Solutions website.
Choose Xpress (Domain Validation). You can always upgrade later if you need to.
Purchase the certificate.
Once you receive the confirmation, log in to your Network Solutions account.
On the top right, click on your name and select Manage Account.
Scroll down to Complete Your Setup… and click Go to open the SSL Control Panel window.
Click Provide Domain.
Enter domain name. For example, linedrop.io.
Click Continue and wait for the next step.
Under Web Host’s Server Software, select Nginx.
Open Terminal on your machine and log in to your server using the login script.
View the content of the server.csr file.
Select and copy the contents of the file from beginning to the end.
Paste the contents into the Network Solutions SSL Control Panel window in the Enter CSR From Web Host field.
Select an valid email address from the provided list. If you do not have any of those, please create an admin alias for your email address on G Suite. To add a G Suite subscription to your domain, please visit Google Support.
Check your gmail and open an email from Network Solutions with Domain Control Validation in the subject line; click on the provided link.
Verify that the validation code has been populated into the Enter Code field and click Submit.
Some services, such as Facebook, require your certificate to include all intermediate files. Please follow the instructions to download and combine all files into a single chained certificate.
Once you receive the validation email, login into your Network Solutions account and select My Security Products.
Click on the certificate, then click on the certificate once again to open the portal window.
Download the SSL archive and the CA Bundle. You will need both to create a chained certificate.
Open dv_chain.txt in a text editor. Copy the contents of the file.
Open DOMAIN.crt file in a text editor. Scroll down to the end of the file and press the Enter key to start a new line. Paste the contents of the dv-chain.txt file. The line break should look like this:
Save the resulting content as DOMAIN.chained.crt. For example, LINEDROP.IO.chained.crt.
Connect to the server with the SFTP connection script.
Once connected, upload the crt file. The file will be saved on the server in the user home directory.
For example, put LINEDROP.IO.chained.crt.
Exit SFTP session.
Connect with the SSH connection script.
Move the chained certificate file to /etc/ssl.
sudo mv *.crt /etc/ssl/
Exit the SSH session.
Next: Configuring Nginx