Instructions for installing the Comodo SSL certificate

Installing the Comodo SSL certificate

PositiveSSL of Comodo SSL Certificate Domain Validation is a lot of people used by low cost, easy to install, does not require paperwork to confirm the information at all.

In this article, I will guide you how to install the certificate on the server PositiveSSL using Nginx.

If you have not registered SSL certificate, refer to promotional SSL blog thiết kế biệt thự

1. Generate certificate

SSL After registration, you need to conduct a new receiving generate the certificate file.

In this step, you need to give Private Key (and CSR Key), be careful to save Private Key to use the steps below. Depending on where you register the certificate that supports key functions automatically generate different.

See also: Plan your keywords for any website

Format private key form:

—– BEGIN PRIVATE KEY —–
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXCvdAoLtG5QRb
GvYZ / 9pOqYYUpA / rZnAAUAFyqdnMcMsYmD6W / m4J9W7 / onDrQX7ExzfAKhbWy + FA
v18S8P7arvjxnjXoS8rs4 / IVwiqLy5PqispyEmlsFp19 / TpJeYltVrrPofiS7 / IV
p095TH66erRgxe54BhzPI2XrurKeqSlgyMbBfgw73KaX3LP7qVcVOSEJWkz9WEhl
RJrYwZ3s8U2iFF7ZK / wX7pVN36XM187pFg6vcIjKWdnOUmgPsOYof6d72koddiPm
oOuDIHAd3M3i1OrhLmx1usHmbL5hj2ls9MI6LOjm15ZAGk + q7lIOsdRfAto8pgE7
u7oB4ts / AgMBAAECggEAaLYGP4oEpzjNLi + qtm5HNxaFG3fn6JAw6XYLvnHGhC5I
NumrUIsDugWwzvmiUmvJ9rerBf94r48HWCfXe7mt335j6gNH7J07aq50KvQpE3lF
xWdfvLwKaX95oOe1giGUMZGR1ZjhGWuNTc3yfPYqn1Mwkg7PV9JiJNrvviFi6K5B
vcjVNBlf44zQG4UMeZ9T / aoVFtmDifRMDQQ62MdzgJs4AE0U2 + MEbN3NBySbeXID
—– END PRIVATE KEY —–
Email sent from Comodo SSL certificate with the same title as follows: ” Your PositiveSSL Certificate for seosieutoc.com “, in the mail with attachment 1 zip seosieutoc_com.zip consists of two files:

seosieutoc_com.crt
seosieutoc_com.ca-bundle
You use any editor, Notepad ++ for example, open the file seosieutoc_com.crt copy and paste the entire contents of the file on top of seosieutoc_com.ca-bundle saved in the file ssl-bundle.crt

At this time, the certificate file ssl-bundle.crt will contain the contents of two files .crt and .ca-bundle

2. Install SSL certificates

This step alone operation on server installation HocVPS Script the server installed Nginx server manually or else how do you keep reading same carefully to understand. Entanglements place to leave a comment I will support always.

Create a file folder containing the certificate:

mkdir -p / etc / nginx / ssl / seosieutoc_com /
Save the content certificate file in this folder, copy / paste using Nano editor

nano /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt
Save the content shared folder Private Key:

nano /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key
Creating parameters DH 2048 bit file, the process will generate a while:

mkdir / etc / nginx / cert /
openssl-out /etc/nginx/cert/dhparam.pem[19459015dhparam2048]
Next, we will adjust the Nginx configuration file. For example, your domain name is seosieutoc.com the file will be the path configuration is /etc/nginx/conf.d/seosieutoc.com.conf

Open up the configuration file with nano

nano /etc/nginx/conf.d/seosieutoc.com.conf
Configuring SSL processing requests

In block server … 2nd adjusted as follows:

+ Transfer listen 80 default_server ; to listen ssl 443 http2 ;

+ The line server_name seosieutoc.com; add the SSL configuration has been optimized yourself:

# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers’ ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305: ECDHE AES128-GCM-ECDSA-SHA256-: RSA-AES128-ECDHE-GCM-SHA256: ECDHE AES256-GCM-ECDSA-SHA384-: ECDHE- RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES128-SHA256: RSA-AES128-ECDHE-SHA256: ECDHE-ECDSA-AES128- SHA: RSA-AES256-ECDHE-SHA384: RSA-AES128-ECDHE-SHA: ECDHE-ECDSA-AES256-SHA384: ECDHE AES256-SHA-ECDSA-: RSA-AES256-ECDHE-SHA: DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES256-SHA: ECDHE-ECDSA-DES-CBC3-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES CBC3-SHA: AES128-GCM-SHA256: AES256-GCM-SHA384: AES128-SHA256: AES256-SHA256: AES128-SHA: AES256-SHA: DES-CBC3-SHA:! DSS ‘;

OCSP ## Stapling
127.0.0.1 resolver;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;

# Improve performance with HTTPS session resumption
ssl_session_cache shared: SSL: 50m;
ssl_session_timeout 1d;

ssl_session_tickets off;

# DH parameters
ssl_dhparam /etc/nginx/cert/dhparam.pem;

# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
Strict-Transport-Security add_header “max-age = 31536000” always;
Redirect entire www http to https link

In block server … at the top:

+ Transfer server_name www.seosieutoc.com ; to server_name seosieutoc.com www.seosieutoc.com ;

+ Transfer rewrite ^ (. *) http : //seosieutoc.com$1 permanent; to rewrite ^ (. *) https : //seosieutoc.com$1 permanent;

Results are as follows:

server
listen 80;
server_name seosieutoc.com www.seosieutoc.com ;
rewrite ^ (. *) https : //seosieutoc.com$1 permanent;

Now when accessed http://seosieutoc.com and will automatically redirect to http://www.seosieutoc.com https://seosieutoc.com

Redirect entire www https link to https

Add new block server … at the top

server
http2 listen ssl 443;
server_name www.seosieutoc.com;

# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers’ ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305: ECDHE AES128-GCM-ECDSA-SHA256-: RSA-AES128-ECDHE-GCM-SHA256: ECDHE AES256-GCM-ECDSA-SHA384-: ECDHE- RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES128-SHA256: RSA-AES128-ECDHE-SHA256: ECDHE-ECDSA-AES128- SHA: RSA-AES256-ECDHE-SHA384: RSA-AES128-ECDHE-SHA: ECDHE-ECDSA-AES256-SHA384: ECDHE AES256-SHA-ECDSA-: RSA-AES256-ECDHE-SHA: DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES256-SHA: ECDHE-ECDSA-DES-CBC3-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES CBC3-SHA: AES128-GCM-SHA256: AES256-GCM-SHA384: AES128-SHA256: AES256-SHA256: AES128-SHA: AES256-SHA: DES-CBC3-SHA:! DSS ‘;

rewrite ^ (. *) https: //seosieutoc.com$1 permanent;

At this time when access will be automatically redirected to https://www.seosieutoc.com https://seosieutoc.com

Configuring SSL with port management HocVPS Admin Script

If you install SSL for the domain name used HocVPS Script, add SSL configuration required when using the port. For example, if your installation to the default port 2313 .

Find block server … line listen 2313;

Add text and paragraph ssl SSL configuration similar to below:

server {
listen 2313 ssl http2 ;
access_log off;
log_not_found off;
error_log off;
/home/seosieutoc.com/private_html root;
index.htm index.html index.php index;
server_name seosieutoc.com;

# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers’ ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305: ECDHE AES128-GCM-ECDSA-SHA256-: RSA-AES128-ECDHE-GCM-SHA256: ECDHE AES256-GCM-ECDSA-SHA384-: ECDHE- RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: ECDHE-ECDSA-AES128-SHA256: RSA-AES128-ECDHE-SHA256: ECDHE-ECDSA-AES128- SHA: RSA-AES256-ECDHE-SHA384: RSA-AES128-ECDHE-SHA: ECDHE-ECDSA-AES256-SHA384: ECDHE AES256-SHA-ECDSA-: RSA-AES256-ECDHE-SHA: DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES256-SHA: ECDHE-ECDSA-DES-CBC3-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES CBC3-SHA: AES128-GCM-SHA256: AES256-GCM-SHA384: AES128-SHA256: AES256-SHA256: AES128-SHA: AES256-SHA: DES-CBC3-SHA:! DSS ‘;

auth_basic “Restricted”;
auth_basic_user_file /home/seosieutoc.com/private_html/hocvps/.htpasswd;


Now HocVPS Script link Admin login will be https://seosieutoc.com

Nginx configuration file will eventually be similar to the following:

server
http2 listen ssl 443;
server_name www.seosieutoc.com;

# SSL
ssl_certificate /etc/letsencrypt/live/seosieutoc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seosieutoc.com/privkey.pem;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH + CHACHA20: EECDH + AES128: RSA + AES128: EECDH + AES256: RSA + AES256: EECDH + 3DES: RSA + 3DES:! MD5;

rewrite ^ (. *) https: //seosieutoc.com$1 permanent;

server
listen 80;
server_name seosieutoc.com www.seosieutoc.com;
rewrite ^ (. *) https: //seosieutoc.com$1 permanent;

server rar

server
ssl http2 listen 2313;
access_log off;
log_not_found off;
error_log off;
/home/seosieutoc.com/private_html root;
index.htm index.html index.php index;
server_name seosieutoc.com;

# SSL
ssl_certificate /etc/letsencrypt/live/seosieutoc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seosieutoc.com/privkey.pem;
TLSv1 TLSv1.1 ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH + CHACHA20: EECDH + AES128: RSA + AES128: EECDH + AES256: RSA + AES256: EECDH + 3DES: RSA + 3DES:! MD5;

auth_basic “Restricted”;
auth_basic_user_file /home/seosieutoc.com/private_html/hocvps/.htpasswd;

location /
$ uri $ uri try_files / /index.php;
location ~ .php $
fastcgi_split_path_info ^ (. + . php) (/.+) $;
include / etc / nginx / fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/seosieutoc.com/private_html$fastcgi_script_name;

location ~ / .
deny all;
Check your Nginx configuration standard view has not

nginx -t
Restart Nginx

service nginx restart
If you use WordPress, install the plugin Really Simple SSL to redirect http to https automatically and transfer the entire link .css, .js to https. The address bar will be green at this time.

Access time to enjoy the fruits domain only. Wish you success.

See also: 

The most searched keywords: dich vu seo, thiết kế biệt thự cổ điển, máy ép bùn khung bản

Why you should focus on improving the speed of web load in 2017

Google AdSense: 10 Methods of optimizing revenue for Web page

Instructions for installing the Comodo SSL certificate
3.18 (63.53%) 170 votes

Special Holiday Offers HostUS, 2GB RAM VPS cost only $ 25 / year

Coupon VPS from Host Us

Welcome the year-end holidays, HostUS taken various promotions including 2 OpenVZ VPS package super cheap prices KVM VPS and VPS STORAGE.

Parameter 2 VPS promotional package this session as follows:

OpenVZ VPS

KVM VPS STORAGE

$ 25/per year

  • 256MB of RAM
  • 180GB Disk Space (RAID 10)
  • 1 vCPU Core
  • 1TB Bandwidth
  • 1Gbps Port (Fair Share)
  • 1 IPv4 & IPv6 4
  • Location: US
  • Annual Price: $ 25
  • Quarterly Price: $ 8

Package VPS 2GB This is too good for dich vu seo web, the price is only $ 25 when paid in years, counted out just $ 2.08 / month only. Also pack KVM VPS STORAGE RAM at 256MB web server should not do, however, high-capacity 180GB Disk Space (RAID 10) can do server storage, backup.

In addition, this phase HostUS discount coupon also launched a range of services on site, press the corresponding button to copy code:

8ATPBD47L2 – Shared Hosting 30% discount when paying by year
SDSFI4V78Y – 20% discount Reseller Hosting
M2YSVHK9W2 – 25% Off & KVM VPS OpenVZ packages
GN47EO8JD6 – Comodo PositiveSSL cost only $ 4.99 / year

Deals stretching from now until 01/03/2017 or end slot when registering. The entire coupon, promotion is only for new subscribers only.

If you need to register Hong Kong or Singapore location, refer to article.

Special Holiday Offers HostUS, 2GB RAM VPS cost only $ 25 / year
5 (100%) 10 vote