WordPress-Nginx + GoDaddy SSL Setup

After exploring different WordPress-Nginx configurations lets head over to secure your WordPress.

Steps mentioned in this article are similar for all kind of WordPress-Nginx configuration.

Step 1: Create CSR – Certificate Signing Request on Nginx Server

Create a directory to store keys & certifcates for example.com domain. You can use any directory. Following example uses these conventions.

mkdir /var/www/example.com/cert/
cd /var/www/example.com/cert/

Next, create a 2048-bit private key

openssl genrsa -out example.com.key 2048

Finally Create a CSR (Certificate signing request)

openssl req -new -key example.com.key -out example.com.csr

Running this command will ask you some details. For Common Name (eg, YOUR name) []: field use example.com (or *.example.com if you are setting up a wild-card SSL certificate)

Note: www.example.com and example.com are not same. Use exactly same domain your website is using.

Step 2: Get a SSL Certificate from GoDaddy

  1. Buy a SSL certificate from GoDaddy.com.
  2. Paste CSR i.e. content of example.com.csr in GoDaddy web-interface. You will need to provide some more details, Try to match them to details in Step #1.
  3. Depending on type of certificate, it may take some time for GoDaddy to approve your certificate.
  4. Once certificate is approved, you can download it. For detailed instructions on downloading, please refer this.

Promo: You can buy Thwate SSL certificates from us. We are a Thwate reseller but we sell cheaper than them! 😉

Step 3: Fix Intermediate Certificate Chain

The zip file you will get from Godaddy will contain 2 files: example.com.crt and gd_bundle.crt.

One is your certificate and other is bundle i.e intermediate certificates. Nginx doesn’t have a special directive to specify path to certificate bundle/chain file. So we need to append bundle into SSL certificate file itself in a way that SSL certificate remains on top.

You can do it simply by running following command:

cat gd_bundle.crt >> example.com.crt

Move this example.com.crt file to /var/www/example.com/cert/directory on nginx server.

Step 4: Adjusting Nginx Configuration

Enable SSL for example.com

Make it look like below:

server {
    listen 443;
    server_name example.com;
    ssl on;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.key;
 #... other stuff
}

Force non SSL site to redirect traffic to SSL

Add following codes if you want to force SSL on your site.

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

Turn on SSL session cache for performance

In file /etc/nginx/nginx.conf, inside http {..} block add following:

http {
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    #... other stuff
}

Also make sure value of worker_processes directive is greater than 1 (only if your server has multiple cores).

Finally, reload the processes to make the change take effect.

service nginx reload

Step-4: Ask WordPress to use SSL

Add following to you WordPress’s wp-config.php file.

To force SSL for login form:

define('FORCE_SSL_LOGIN', true);

To force SSL for wp-admin section:

define('FORCE_SSL_ADMIN', true);

Step-5: Verifying SSL Installation

Last and most important step is to verify if we have installed SSL certificate properly.

Below are some nice online tools to help you with that:

  1. https://www.wormly.com/test_ssl
  2. https://sslcheck.globalsign.com/en_US/sslcheck

If you face any issues, feel free to use our free support forum.

Links: WordPress-Nginx Series | Buy Thawte SSL Certificates for upto 67% discount

7 responses to “WordPress-Nginx + GoDaddy SSL Setup”

  1. Hi, I’ve been following along and everything seems to be working (Nginx + WordPress + fastcgi_cache with conditional purging).
    However, all the plugins for managing HTTPS I can find in WordPress are giving unexpected behaviour eg. Latching entire site on HTTPS once redirected from HTTP, or not redirecting to HTTPS from HTTP at all. I will say though, The WP-config.php force HTTPS for login and admin are the only things that seem to function as Expected.

    I am hoping where I have gone wrong is here, due to having a non-standard setup after I botched this step:

    Make it look like below:

    server {
    listen 443;
    server_name example.com;
    ssl on;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.key;
    #... other stuff
    }

    Sorry, but make what look like below – our sites config file in sites enabled/available?

    If so, does the block in question code go in its own server {…} block before or after the existing server block already configured in past tutorials {}
    (this works but may not be right?)

    -If not, and it should be simply put above ‘#other stuff’ how should this SSL server block {} be combined with the existing Non-SSL server block {}
    already with server name defined as server_name: example.com www.example.com – from a previous WP/Nginx config tutorial
    (this doesn’t work I think because of the duplicate of servername:?)

    Hope you can help,
    KC

  2. Correction:

    server_name: example.com http://www.example.com – from a previous WP/Nginx config tutorial

    Was meant to be:

    server_name: example.com www.example.com – from a previous WP/Nginx config tutorial

  3. The configuration options discussed here didn’t work for me because I wanted SSL to be optional. the “ssl on;” directive makes SSL required. I used the following configuration directives and they work great for me:

    server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.com.key;
    … other stuff
    }

    I then set the option in wp-config.php to force SSL for admin pages only.