How to Install an SSL Certificate on an Nginx Server

After generating a CSR and private key, activating and validating your certificate on the certificate provider’s side, and obtaining the certificate files, you need to install your SSL certificate on your Nginx server.

Here’s a quick overview of the process:

  1. Upload the certificate and Certificate Authority Bundle files to your server.
  2. Combine these two files into one.
  3. Adjust your web server configuration for port 443, which is used for SSL/TLS connections.
  4. Restart the server to apply the new settings.

Before you begin, ensure that your firewall has a rule for port 443 to be opened. Also, confirm that you have the following files to make the certificate work:

  1. Certificate file itself.
  2. CA Bundle (chain) file.
  3. Private key file generated together with the CSR code on your server.

Step 1: Upload Certificate and CA Bundle Files

Navigate to your home directory (you can work from any other directory except for web folders):

    cd ~

Create two files and paste the certificate and CA Bundle codes from your certificate provider into them:

    touch yourdomain.crt
    touch cabundle.crt

Combine these files into one, with the domain certificate first and the CA Bundle after it:

    cat yourdomain.crt cabundle.crt > yourdomain.combined.crt

Step 2: Adjust Nginx Configuration

Navigate to your domain’s VirtualHost file and add a few lines. Back up the file first:

    cd /etc/nginx/sites-enabled
    cp default /home/default.backup
    nano default

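Duplicate the block for port 80 in the file, replace 80 with 443 in the second block, and add the following lines:

    ssl on;
    ssl_certificate /root/yourdomain.combined.crt;
    ssl_certificate_key /root/yourdomain.key;

The ssl on; directive is deprecated since Nginx 1.15.0 and was removed in 1.25.1. On those versions, omit that line and write the listen directive of the second block as listen 443 ssl; instead.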

Replace /root/yourdomain.combined.crt with the path to the combined certificate created earlier and /root/yourdomain.key with the path to the private key generated with the CSR code.

Step 3: Restart Nginx

Restart Nginx to apply the settings:

    service nginx restart

Now your website should be accessible via HTTPS.

Note: If you encounter the “X509_check_private_key:key values mismatch” error during Nginx restart, it indicates that the private key used does not match the one generated with the CSR used for your certificate activation.
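
To catch the key mismatch described in the note above before restarting, the following added example (not part of the original article) compares the public key of the first certificate in the combined file with the private key. The function names cert_matches_key and count_certs are hypothetical helpers, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original article): pre-restart checks for the
# combined certificate and private key this guide creates.

# Return 0 if the FIRST certificate in $1 carries the same public key as the
# private key in $2, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print how many PEM certificates a file contains.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Run the checks only when called as: sh check.sh COMBINED_CERT PRIVATE_KEY
if [ "$#" -eq 2 ]; then
    n=$(count_certs "$1")
    [ "${n:-0}" -ge 2 ] ||
        echo "warning: $1 holds ${n:-0} certificate(s); CA bundle missing?" >&2
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "certificate and key match" ;;
        1) echo "key mismatch: wrong key, or the CA bundle was placed first" >&2
           exit 1 ;;
        *) echo "could not read certificate or key" >&2
           exit 2 ;;
    esac
    # nginx -t parses the configuration and loads the certificate and key
    # without restarting the running server.
    nginx -t
fi
```

Run it as root with the same two paths used in the ssl_certificate and ssl_certificate_key lines, and restart Nginx only after it reports a match.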

If you lost the private key, you can search for it using the command:

    find / -name "*.key"

Small tip: If you want your website to be accessible via HTTPS by default, add a redirect rule to your domain configuration file in the /etc/nginx/sites-enabled directory. Add the following code to the server block for port 80 (placing it in the port 443 block would redirect HTTPS requests to themselves):

    return 301 https://yourdomain.com$request_uri;

Replace yourdomain.com with the domain you have the certificate for.

Keep it secure! If you have any further questions or need additional assistance, feel free to ask.
