SSLs encrypt internet traffic and are required by most browsers currently.  Without an SSL you will be given a warning saying the site isn’t safe, or similar.


Adding an SSL can only be done by an administrator and is typically handled by Anovys for you.


Creating The First SSL


  1. Create the CSR from the CLI


openssl req -new -newkey rsa:2048 -nodes -keyout sprout.domain.tld.key -out sprout.domain.tld.csr


  1. Copy the resulting key file to the /etc/ssl/private directory


sudo cp sprout.domain.tld.key /etc/ssl/private/


  1. Submit the resulting CSR to the certification authority (CA) for validation
  2. The CA will provide a server and a CA bundle upon validation.  Those two files must be combined into the ssl-bundle.crt file.  
    1. To accomplish this do the following:


sudo nano /etc/ssl/certs/ssl-bundle.crt


  1. First copy the sprout.domain.tld.crt data in to the new file
  2. Second copy the sprout.domain.tld-ca-bundle data into the new file
  3. Save the new file
  1. Edit the Nginx config and add the following data immediately after the call out for port 80
    1. The file is in /etc/nginx/sites-available


listen 443;

server_name sprout.domain.tld;

ssl on;

ssl_certificate /etc/ssl/certs/ssl-bundle.crt;

ssl_certificate_key /etc/ssl/private/sprout.domain.tld.key;

ssl_prefer_server_ciphers on;


  1. Save the config file
  2. Restart Nginx


sudo /etc/init.d/nginx restart


  1. Test via a web browser


Renewing An SSL


  1. Create the CSR from the CLI


openssl req -new -newkey rsa:2048 -nodes -keyout sprout.domain.tld.key -out sprout.domain.tld.csr


  1. Copy the resulting key file to the /etc/ssl/private directory


sudo cp sprout.domain.tld.key /etc/ssl/private/


  1. Submit the resulting CSR to the certification authority (CA) for validation
  2. The CA will provide a server and a CA bundle upon validation.  Those two files must be combined into the ssl-bundle.crt file.  
    1. To accomplish this do the following:


sudo nano /etc/ssl/certs/ssl-bundle.crt


  1. Remove all current data in the ssl-bundle.crt file
  2. Copy the sprout.domain.tld.crt data in to the new file
  3. Copy the sprout.domain.tld-ca-bundle data into the new file
  4. Save the file
  1. Restart Nginx


sudo /etc/init.d/nginx restart


  1. Test via a web browser