The following outlines steps on how to enable SSL for a NearlyFreeSpeech hosted site. The SSL service used in this example is Namecheap’s PositiveSSL.
Hosted service with NearlyFreeSpeech with SSH access.
A purchased PositiveSSL certificate from Namecheap.
Prepare a directory on your NearlyFreeSpeech server and move into it:
$ mkdir /home/protected/ssl
$ cd /home/protected/ssl
Generate your private key and CSR (certificate signing request) file (adjust myserver to your own domain, if desired):
$ openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out myserver.csr
Generating a 2048 bit RSA private key
...
The command will prompt you with a series of questions. Provide:
Your country name code, state/province, city.
Enter your company name and unit name; or just NA for an individual.
For common name, enter the domain you wish to enable the certificate for (for example, www.example.org).
Provide your Email address.
Default values for the rest.
After generation, you should have two (2) files:
File | Description |
---|---|
myserver.key | Private Key File |
myserver.csr | Certificate Signing Request File |
With a purchased SSL certificate from Namecheap, start the activation process (an “Activate” button should exist for your newly purchased key). The start of the activation process will ask you for your CSR. Copy and paste the content of your myserver.csr file into the input. Validate that your “Primary Domain” matches your target domain. For “Server Type”, ensure the option with Apache is selected. Complete the confirmation process.
When your certificate moves from to you should be able to download the certificate by going to “Details –> Download Certificate”. This will invoke a download of a ZIP file which contains the following important files:
File | Description |
---|---|
www_example_org.ca-bundle | The Certificate Chain |
www_example_org.crt | Your Certificate |
Upload both the ca-bundle and crt files to your /home/protected/ssl directory.
Verify your certificate by using the following command:
$ openssl verify -untrusted www_example_org.ca-bundle www_example_org.crt
www_example_org.crt: OK
Enable TLS on your site by invoking the following command:
$ cat myserver.key www_example_org.crt www_example_org.ca-bundle | nfsn -i set-tls
INFO: Enabling TLS for example.org
INFO: Enabling front-end HTTPS for example.org
INFO: Enabling TLS for www.example.org
INFO: Enabling front-end HTTPS for www.example.org
INFO: Flagging canonical name as HTTPS-enabled.
e4: OK (example.org, www.example.org)
e3: OK (example.org, www.example.org)
e6: OK (example.org, www.example.org)
e5: OK (example.org, www.example.org)
OK: Setup was fully confirmed.
In a few moments, your certificate should be up and running.
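Before piping the files to the set-tls step above, it helps to confirm that the uploaded certificate actually belongs to the private key generated earlier, that it has not expired, and that the key file is not readable by other accounts. The script below is an added example, not part of the original walkthrough or of NearlyFreeSpeech's tooling; the function name preflight and its return codes are this example's own convention.

```shell
#!/bin/sh
# Added example: pre-flight checks on the key and certificate before `nfsn -i set-tls`.
# Return codes (this example's own convention):
#   0 = ok, 1 = unreadable input, 2 = key/cert mismatch, 3 = expired, 4 = key too permissive
preflight() {
    key=$1 crt=$2
    [ -r "$key" ] && [ -r "$crt" ] || { echo "cannot read $key or $crt" >&2; return 1; }

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "private key does not match certificate" >&2; return 2
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2; return 3
    fi

    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group/other; chmod 600 $key" >&2; return 4
    fi
    echo "OK: $key matches $crt"
}

# Run as a script: sh preflight.sh myserver.key www_example_org.crt
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A mismatch (return code 2) usually means the CSR submitted during activation was generated from a different key than the one on the server.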