Install an SSL Certificate on Linux

To install an SSL certificate on Linux-like servers without using a control panel, SSH into your web server and run an openssl command to generate a CSR (Certificate Signing Request). The CSR identifies which server will use your certificate, as well as the domain names (common names) you’ll use for the certificate.

The command will generate a .csr file and its related private .key file. For example, to generate a 2048-bit CSR:

$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Should you wish to generate a 4096-bit CSR, simply pass in 4096 instead of 2048.

$ openssl req -new -newkey rsa:4096 -nodes -keyout yourdomain.key -out yourdomain.csr

When you run the command, and before the .csr file is generated, you’ll be prompted to fill out the following information:

  • Common Name – The fully qualified domain name or URL you’ll be securing.
  • Organisation – The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
  • Organisation Unit – If applicable, enter the ‘doing business as’ name.
  • City or Locality – Name of the city where your company is registered/located.
  • State or Province – Name of the state or province where your organisation is located.
  • Country – The two-letter country code for where your organisation is legally registered.

After filling out the information, the CSR and private key files will be created. You will need to download the CSR and supply it to your chosen CA (Certificate Authority) in order to apply for a certificate.

When you have received this certificate file from the CA, usually a .crt file, you’ll be ready to secure your domain. Ensure you upload the .crt file onto your server and make a note of the directory you upload it to.
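
Before pointing the web server at the files, confirm that the .crt returned by the CA belongs to the .key generated alongside the CSR. The script below is an added example, not part of the original page; it assumes the openssl CLI is installed, and example.test, the temporary directory and the self-signed certificate standing in for a CA-issued one are constructed sample data.

```sh
#!/bin/sh
# Added example (not from the original page): check that a certificate
# matches a private key before configuring the web server with the pair.

# Print the SHA-256 of the public key held in a certificate or private key.
pubkey_hash() (   # $1 = cert|key, $2 = file
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    exit 2 ;;
    esac
    # An unreadable or malformed file yields no output; fail rather than
    # hash an empty string, which would make two bad files "match".
    [ -n "$pub" ] || exit 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
)

# Return 0 if the pair matches, 1 on mismatch, 2 if a file cannot be parsed.
cert_matches_key() (   # $1 = certificate, $2 = private key
    c=$(pubkey_hash cert "$1") || exit 2
    k=$(pubkey_hash key "$2") || exit 2
    [ "$c" = "$k" ]
)

# Constructed sample data: a throwaway key and CSR for example.test,
# self-signed here to stand in for the certificate a CA would return.
demo_dir=$(mktemp -d)
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$demo_dir/yourdomain.key" -out "$demo_dir/yourdomain.csr" 2>/dev/null
openssl x509 -req -in "$demo_dir/yourdomain.csr" -days 1 \
    -signkey "$demo_dir/yourdomain.key" -out "$demo_dir/yourdomain.crt" 2>/dev/null
# A second, unrelated key to show the mismatch case.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$demo_dir/other.key" 2>/dev/null
chmod 600 "$demo_dir"/*.key   # the -nodes key is unencrypted on disk

for key in yourdomain.key other.key; do
    if cert_matches_key "$demo_dir/yourdomain.crt" "$demo_dir/$key"; then
        echo "$key: matches yourdomain.crt"
    else
        echo "$key: does NOT match yourdomain.crt"
    fi
done
```

On a real server, call cert_matches_key with the paths you will put in the Apache or Nginx configuration; a non-zero exit means the server would fail to start TLS with that pair.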

If your website runs on Apache, you’ll need to modify your virtual hosts (vhosts) configuration to include the certificate and private key file.

DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key

If running Nginx, modify the relevant configuration .conf file.

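server {

    # The standalone "ssl on;" directive is deprecated and was removed in
    # nginx 1.25.1; enable TLS with the ssl parameter of listen instead.
    listen   443 ssl;

    # Certificate received from the CA and the private key created with the CSR
    ssl_certificate    /path/to/yourdomain.crt;
    ssl_certificate_key    /path/to/yourdomain.key;

    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        root   /var/www/html;
        index  index.html;
    }
}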