mkdir /etc/ssl/ssls/
cd /etc/ssl/ssls/

openssl req -nodes -newkey rsa:2048 -keyout site_name.key -out site_name.csr

When the last command asks for the Common Name (CN), enter your domain name; this is important. For example:

  • mydomain.com - for single domains
  • *.mydomain.com - for wildcard domains

Copy the CSR and paste it into ssls.com:

cat site_name.csr

When you get your archive doma.in.zip, extract it in /etc/ssl/ssls/ and run:


# Site certificate first, then the CA bundle; echo guarantees a line break between the files
for f in site_name.crt site_name.ca-bundle; do cat "$f"; echo; done > ssl-bundle.crt


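Next, add the following to your nginx server block:


# "ssl on;" is obsolete since nginx 1.15.0 and was removed in 1.25.1; enable TLS on the listen directive instead
listen 443 ssl;
ssl_certificate /etc/ssl/ssls/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/ssls/site_name.key;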


Note: if you created the key with a PEM passphrase when you ran openssl req (this happens if you do not pass the -nodes option), do not forget to remove it from the .key file before using it in nginx:

openssl rsa -in /etc/ssl/ssls/site_name.key -out /etc/ssl/ssls/site_name_no_pass.key


Then use site_name_no_pass.key in the nginx config.
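
Before reloading nginx, it is worth checking that the key and the first certificate in ssl-bundle.crt belong together and that the key carries no passphrase. The script below is an added example, not part of the original notes; it goes slightly beyond the steps above by also flagging a passphrase-protected key. check_pair and make_sample are hypothetical helper names, and the certificates it generates are constructed throwaway test material.

```shell
#!/bin/sh
# check_pair KEY BUNDLE
#   0: first certificate in BUNDLE carries KEY's public key (what nginx needs)
#   1: mismatch, e.g. the CA bundle was concatenated before the site certificate
#   2: KEY is passphrase-protected, or a file could not be parsed
check_pair() {
    # Encrypted PEM keys are marked in the header (PKCS#8 or traditional form).
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1" 2>/dev/null; then
        return 2
    fi
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    # openssl x509 reads only the first certificate of a multi-certificate file.
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# make_sample DIR: constructed test material, not real certificates.
# Two throwaway self-signed certificates stand in for site_name.crt and
# site_name.ca-bundle.
make_sample() {
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=mydomain.com" \
        -keyout "$1/site_name.key" -out "$1/site_name.crt" 2>/dev/null &&
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/site_name.ca-bundle" 2>/dev/null &&
    # Same order as the loop in the notes: site certificate first.
    cat "$1/site_name.crt" "$1/site_name.ca-bundle" > "$1/ssl-bundle.crt" &&
    # Reversed order, to show the failure the check catches.
    cat "$1/site_name.ca-bundle" "$1/site_name.crt" > "$1/wrong-bundle.crt" &&
    # Passphrase-protected copy of the key (constructed passphrase).
    openssl pkey -in "$1/site_name.key" -aes256 -passout pass:constructed \
        -out "$1/site_name_pass.key"
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for pair in "site_name.key ssl-bundle.crt" "site_name.key wrong-bundle.crt" \
            "site_name_pass.key ssl-bundle.crt"; do
    set -- $pair
    status=0
    check_pair "$demo_dir/$1" "$demo_dir/$2" || status=$?
    echo "$1 + $2 -> status $status"
done
rm -rf "$demo_dir"
```

On a real server, call check_pair with /etc/ssl/ssls/site_name.key and /etc/ssl/ssls/ssl-bundle.crt; any non-zero status means nginx would refuse the pair or ask for a passphrase at start-up.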