Release Notes

Announcements

Notice on price adjustment of DigiCert and its affiliated brands'SSL certificates

Price Change to DigiCert SSL Certificates

TrustAsia Root Certificate Update

Domain Validation Policy Update

SSL Certificate Service Console

Multi-Year SSL Certificate and Automatic Review

Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020

Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020

Notice on Certificate Revocation Due to Private Key Compromises

Notice on Application Limits for DV SSL Certificates

Notice on Adjustment of Free SSL Certificates Policy

Let's Encrypt Root Certificate Expired on September 30, 2021

Product Introduction

Overview

Introduction to Tencent Cloud SSL Certificates

Strengths

Advantages of HTTPS

Browser Compatibility Test Report

Multi-Year SSL Certificate and Automatic Review Overview

SSL Certificate Security

Purchase Guide

Pricing

SSL Certificate Purchase Process

SSL Certificate Selection

Paid SSL Certificates Renewal

SSL Certificate Renewal Process

SSL Certificate Refund Process

Getting Started

Certificate Application

Information Submission Process for Paid SSL Certificates

Domain Ownership Validation

Domain Validation Method Selection

Automatic DNS Addition

DNS Validation

File Validation

Automatic DNS Validation

Automatic File Validation

Validation Result Troubleshooting Guide

Operation Guide

Domain Ownership Verification

Uploading Certificates

Secured Seal

CSR Management

Certificate Installation

Installing an SSL Certificate on a Tencent Cloud Service

Installation of International Standard Certificates

Selecting an Installation Type for an SSL Certificate

Certificate Management

Instructions on SSL Certificate Auto-Renewal

Certificate Hosting

Uploading (Hosting) an SSL Certificate

Reminding Reviewers to Review an SSL Certificate Application

Revoking an SSL Certificate

Deleting an SSL Certificate

Reissuing an SSL Certificate

Ignoring SSL Certificate Notifications

Customizing SSL Certificate Expiration Notifications

API Documentation

History

Introduction

API Category

Making API Requests

Certificate APIs

Certificate Renewal (Certificate ID Unchanged) APIs

CSR APIs

Data Types

Error Codes

Use Cases

Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources

Apple ATS Server Configuration

Quickly Applying for a Free SSL Certificate via DNSPod

Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS

Batch Applying for and Downloading Free Certificates Using Python-based API Calls

Profile Management

Adding Organization Profile

Adding Administrator

Adding Domain

Troubleshooting

Domain Validation Failed

Domain Security Review Failed

Website Inaccessible After an SSL Certificate is Deployed

404 Error After the SSL Certificate is Deployed on IIS

“Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed

Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded

Automatic DNS Validation Failed for a Domain Hosted with www.west.cn

Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https

Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS

FAQs

SSL Certificate Selection

SSL Certificate Application

SSL Certificate Management

SSL Certificate Installation

SSL Certificate Region

SSL Certificate Review

SSL Certificate Taking Effect

SSL Certificate Billing and Purchase

SSL Certificate Validity Period

Related Agreement

SSL Service Level Agreement

Glossary

Installing an SSL Certificate on an Nginx Server

PDF

포커스 모드

폰트 크기

마지막 업데이트 시간: 2026-01-29 16:11:18

The following video shows you how to install an SSL certificate on an Nginx server:
Overview
This document describes how to install an SSL certificate on an Nginx server.
Note: 
The certificate name cloud.tencent.com is used as an example.
The nginx/1.18.0 version is used as an example.
The current server OS is CentOS 7. Detailed steps vary slightly by OS.
Before you install an SSL certificate, enable the default HTTPS port 443 on the Nginx server so that HTTPS can be enabled after the certificate is installed. For more information, see How Do I Enable Port 443 for a VM?﻿
For detailed directions on how to upload SSL certificate files to a server, see Copying Local Files to CVMs.
Prerequisites
Install the remote file copy tool such as WinSCP. The latest official version is recommended.
We recommend that you use CVM's file upload feature for deployment to CVM.
Install the remote login tool such as PuTTY or Xshell. The latest official version is recommended.
Install the Nginx service containing http_ssl_module module in the current server.
The data required to install the SSL certificate includes the following:
Name
Description
Server IP address
IP address of the server, which is used to connect the PC to the server.
Username
The username used to log in to the server.
Password
The password used to log in to the server.
Note: 
For a CVM instance purchased on the Tencent Cloud official website, log in to the CVM console to get the server IP address, username, and password.
Directions
Installing the certificate
1. Log in to the SSL Certificate Service console, and click Download for the certificate you need to install.
2. In the pop-up window, select Nginx for the server type, click Download, and decompress the cloud.tencent.com certificate file package to the local directory.
After decompression, you can get the certificate file of the corresponding type, which includes the cloud.tencent.com_nginx folder.
Folder: cloud.tencent.com_nginx
Files in the folder:
cloud.tencent.com_bundle.crt: Certificate file
cloud.tencent.com_bundle.pem: Certificate file (optional)
cloud.tencent.com.key: Private key file
cloud.tencent.com.csr: CSR file
Note: 
You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.
3. Log in to the Nginx server using WinSCP (a tool copying files between a local computer and a remote computer).
Note: 
For detailed directions, see Uploading files via WinSCP to a Linux CVM from Windows.
We recommend that you use CVM's file upload feature for deployment to CVM.
4. Copy the cloud.tencent.com_bundle.crt certificate file and cloud.tencent.com.key private key file from the local directory to the /etc/nginx directory (this is the default Nginx installation directory and needs to be adjusted as needed) of the Nginx server.
5. Log in to the Nginx server remotely with such a login tool as PuTTY.
6. Edit the nginx.conf configuration file in the Nginx root directory as follows:
Note: 
If you cannot find the following content, manually add it. Run the nginx -t command to find the path of the Nginx configuration file.
As shown below: 
﻿
﻿
This operation can edit the file by running vim /etc/nginx/nginx.conf.
The configuration file may be written differently on different versions; for example, use listen 443 ssl instead of listen 443 and ssl on on nginx/1.15.0 or later.
server {
     # The default SSL access port is 443
     listen 443 ssl; 
     # Enter the domain name bound to the certificate
     server_name cloud.tencent.com; 
     # Enter the relative or absolute path of the certificate file
     ssl_certificate cloud.tencent.com_bundle.crt; 
     # Enter the relative or absolute path of the private key file
     ssl_certificate_key cloud.tencent.com.key; 
     ssl_session_timeout 5m;
     # Configure the following protocols
     ssl_protocols TLSv1.2 TLSv1.3; 
     # Configure the cipher suite according to the OpenSSL standard
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
     ssl_prefer_server_ciphers on;
     location / {
         # Path to the website homepage. This example is for reference only. You need to set it to the actual path.
         # For example, if your website homepage is under the "/etc/www" path of the Nginx server, change the "html" behind "root" to "/etc/www".
         root html; 
         index  index.html index.htm;
     }
 }
7. Run the following command to check whether there is a problem with the configuration file.
nginx -t
If yes, reconfigure or fix the problem as prompted.
If not, proceed to step 8.
8. ﻿Run the following command to reload the Nginx server.
﻿
nginx -s reload
9. If the server is reloaded successfully, you can access it through https://cloud.tencent.com.
(Optional) Security configuration for automatic redirect from HTTP to HTTPS
To redirect HTTP requests to HTTPS, complete the following settings:
1. Select one of the following configuration methods based on your actual needs:
Add a JavaScript script to the page.
Add redirect in the backend program.
Redirect through a web server.
Nginx supports rewrite. If you did not remove PCRE during the compilation, you can add return 301 https://$host$request_uri; to the HTTP server to redirect requests made to the default HTTP port 80 to HTTPS.
Note: 
Uncommented configuration statements can be configured as follows.
The configuration file may be written differently on different versions; for example, use listen 443 ssl instead of listen 443 and ssl on on nginx/1.15.0 or later.
  server {
   # The default SSL access port is 443
   listen 443 ssl;
   # Enter the domain name bound to the certificate
   server_name cloud.tencent.com; 
   # Enter the relative or absolute path of the certificate file
   ssl_certificate  cloud.tencent.com_bundle.crt; 
   # Enter the relative or absolute path of the private key file
   ssl_certificate_key cloud.tencent.com.key; 
   ssl_session_timeout 5m;
   # Configure the cipher suite according to the OpenSSL standard
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
   # Configure the following protocols
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_prefer_server_ciphers on;
   location / {
     # Path to the website homepage. This example is for reference only. You need to set it to the actual path. 
     # For example, if your website homepage is under the "/etc/www" path of the Nginx server, change the "html" behind "root" to "/etc/www".
     root html;
     index index.html index.htm;
   }
  }
  server {
   listen 80;
   # Enter the domain name bound to the certificate
   server_name cloud.tencent.com; 
   # Redirect requests made to an HTTP domain name to HTTPS
   return 301 https://$host$request_uri; 
  }
﻿
2. Run the following command to check whether there is a problem with the configuration file.
nginx -t
If yes, reconfigure or fix the problem as prompted.
If not, proceed to step 3.
3. ﻿Run the following command to reload the Nginx server.
﻿
nginx -s reload
4. If the server is reloaded successfully, you can access it through https://cloud.tencent.com.
If the security lock icon is displayed in the browser, the certificate has been installed successfully.
In case of a website access exception, troubleshoot the issue by referring to the following FAQs:
﻿Website Inaccessible After an SSL Certificate is Deployed﻿
﻿"Your Connection is Not Secure" is Displayed After the SSL Certificate is Installed﻿
﻿Why Does the Website Prompt "Connection Is Untrusted"?﻿
﻿404 Error After the SSL Certificate is Deployed on IIS﻿
Note: 
If anything goes wrong during this process, contact us.

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

Name	Description
Server IP address	IP address of the server, which is used to connect the PC to the server.
Username	The username used to log in to the server.
Password	The password used to log in to the server.

tencent cloud

SSL Certificates

Installing an SSL Certificate on an Nginx Server

Overview

Prerequisites

Directions

Installing the certificate

(Optional) Security configuration for automatic redirect from HTTP to HTTPS

도움말 및 지원