/ tech-note

How to set up SSL on namecheap?

These kind of things are so boring to learn and implement, yet are required to execute only once. So I would like to share my experience with it.

My environment is the following:

  • node.js app
  • Google Compute Engine
  • Nginx
  • Domain purchased on namecheap with PositiveSSL

First, you have to run the following set of commands to generate private key and CSR files:

openssl genrsa 2048 > private-key.pem
openssl req -new -key private-key.pem -out csr.pem

You are asked a set of questions. Note that you must fill the Common Name to the correct domain name; otherwise it will be useless. For the other fields, you don't necessarily need to fill in them. But I recommend at least you write in your company name. Namecheap strongly recommends to fill in all the fields as you might be rejected by Namecheap or the Certificate Authority. Also note that the wildcard domain *.example.com is only supported if you contract a wildcard domain product on Namecheap.

Now, you have both private key and CSR; go to the admin page of the namecheap and fill in your CSR:

cat csr.pem

Do NOT include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

Now, you must put them in your virtual machine. Download the Certificate file from namecheap, and run the follwing command:

cat example_com.crt example_com.ca-bundle > cert_chain.crt

Then, put the cert_chain.crt as well as private-key.pem on your virtual machine. The location is /etc/nginx/ssl/.

Finally, alter the nginx's configuration (e.g. /etc/nginx/sites-available/default) to ensure the HTTPS connection:

server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
ssl_certificate        /etc/nginx/ssl/cert_chain.crt;
ssl_certificate_key    /etc/nginx/ssl/private-key.pem;

Then restart your nginx and everything should be working fine now.

The following resources might be useful as well: