Friday, 24 January 2025

How to Set Up Fullchain SSL with Sectigo Certificate on Nginx: A Step-by-Step Guide

To set up a fullchain SSL using your Sectigo SSL certificate in Nginx, follow these steps:


1. Prepare Your Certificate Files

   - You should have received the following files from Sectigo:

     - Your Domain Certificate (e.g., your_domain.crt)

     - Intermediate Certificate(s) (e.g., SectigoRSAOrganizationValidationSecureServerCA.crt)

     - Private Key (e.g., your_domain.key)


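   - Combine your domain certificate and the intermediate certificate(s) into a single fullchain.crt file, with the domain certificate first:

     ```bash
     # Order matters: domain certificate first, then the CA certificates
     cat your_domain.crt My_CA_Bundle.ca-bundle AAACertificateServices.crt > fullchain.crt
     ```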

  

2. Upload the Files to Your Server

   - Upload the following files to your server (e.g., in `/etc/nginx/ssl/`):

     - `fullchain.crt`

     - `your_domain.key`


3. Configure Nginx

   - Edit your Nginx configuration file (usually located at `/etc/nginx/nginx.conf` or `/etc/nginx/sites-available/your_domain.conf`).


   - Add or update the `server` block to include the SSL configuration:

     ```nginx
     server {
         listen 443 ssl;
         server_name your_domain.com;

         ssl_certificate /etc/nginx/ssl/fullchain.crt;
         ssl_certificate_key /etc/nginx/ssl/your_domain.key;

         ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers HIGH:!aNULL:!MD5;

         location / {
             root /var/www/your_domain;
             index index.html index.htm;
         }
     }
     ```


   - If you want to redirect HTTP traffic to HTTPS, add this `server` block:

     ```nginx
     server {
         listen 80;
         server_name your_domain.com;
         return 301 https://$host$request_uri;
     }
     ```


4. Test the Nginx Configuration

   - Test the Nginx configuration to ensure there are no syntax errors:

     ```bash
     sudo nginx -t
     ```


5. Reload Nginx

   - If the test is successful, reload Nginx to apply the changes:

     ```bash
     sudo systemctl reload nginx
     ```


6. Verify the SSL Installation

   - Visit your website using `https://your_domain.com` and ensure the SSL certificate is working correctly.

   - You can also use tools like [SSL Labs' SSL Test](https://www.ssllabs.com/ssltest/) to verify the installation.


7. Optional: Enable HSTS (HTTP Strict Transport Security)

   - To enforce HTTPS and improve security, add the following line inside the `server` block for port 443:

     ```nginx
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     ```


8. Optional: Automate Certificate Renewal

   - If your certificate is not auto-renewed, set up a cron job or script to handle renewal and reload Nginx when the certificate is updated.


You can also check your SSL setup with the SSL Shopper checker: https://www.sslshopper.com/ssl-checker.html

That's it! Your Nginx server should now be serving your site with the Sectigo SSL certificate.
