Monthly Archives: February 2017

Renew Expired SSL Certification in Nginx Server

Each SSL Certification has its own valid date. When your server’s certification is expired, your website will be not visitable. In this case, you need to renew your expired certification. It is quite simple and easy. But Here I just write it down to record its steps.

Step1: check its valid date

openssl x509 -in domain.crt -noout -enddate

Step2: copy the new certificate files to your server

This step depends on your service, I mean which SSL service you get. For me, I get this service from Godaddy. I need to go to Godaddy to get new crt files. There are two crt files which you need to download.

And then you need to use SCP command to copy these files to your server. If you forget the target location, you just need to go to your Nginx’s conf file to check this parameter: ssl_certificate and you will know where to copy to.

Here is an example of SSL part in Nginx.

ssl on;
ssl_certificate /etc/ssl/domain.crt;
ssl_certificate_key /etc/ssl/domain.key;

Here ssl_certificate is your primary certificate; ssl_certificate_key should be the key file generated when you created the CSR.

Please note, this part is just to update expired SSL certificate so you don’t need to do anything on the key file.

Step3: concatenate the SSL certificate and intermediate certificate

In fact, you need to backup or remove the existing expired domain.crt first and the do concatenate. Just for safe.

cat 29393****.crt gd_bundle-g2-g1.crt >> domain.crt

Step4: restart Nginx

sudo nginx -s reload