2024-01-20

setup ssl

I purchased my domain through name.com for long-term use, so unlike most cases where you get a free SSL certificate with automatic setup when you buy both your domain and hosting from the same provider, I had to purchase my domain and server from two separate providers.

That means I needed to manually request and configure a free UbiquiTLS™ Free TLS Certificate DV on my own.

Here's a quick walkthrough of the process for future reference.


First, generate a Certificate Signing Request (CSR) and private key via OpenSSL:

openssl req -new -newkey rsa:2048 -nodes -keyout ansatz.work.key -out ansatz.work.csr

Fill out the required information (domain, organization details, etc.) in your terminal, then copy the full content of the generated .csr file into the management portal for UbiquiTLS™ Free TLS Certificate DV.

Once the platform verifies that your CSR matches the information you provided, click the Issue button to proceed.

UbiquiTLS will validate your domain ownership through a DNS record:

  1. Log into your DNS management backend on name.com
  2. Add a new CNAME record using the hash value provided by UbiquiTLS
  3. Wait a few minutes for DNS propagation, and your certificate will be issued once validation passes

After issuance, you'll receive two files/contents: your server certificate and the CA intermediate bundle.

To set up SSL in Nginx, first combine your server certificate and the CA bundle into a fullchain.crt:

cat ansatz.work.crt ansatz.work.ca-bundle > ansatz.work.fullchain.crt

Then add these lines to your nginx.conf to point to your certificate files:

# Server certificate followed by the CA bundle (the fullchain.crt built above)
ssl_certificate /etc/nginx/ssl/ansatz.work.fullchain.crt;
ssl_certificate_key /etc/nginx/ssl/ansatz.work.key;
ssl_trusted_certificate /etc/nginx/ssl/ansatz.work.ca-bundle;

Restart Nginx after updating the configuration, and the SSL certificate will be live.
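
A check worth running before that restart, as an added example that is not part of the original post: it confirms that the private key matches the CSR and the first certificate in the fullchain file, which also catches a fullchain concatenated in the wrong order. The throwaway CA, the wrong-order.crt file and the function names are assumptions made for the demo; the other file names follow the post.

```shell
#!/bin/sh
# Added example: confirm key, CSR and fullchain belong together before restarting Nginx.

# Print the SHA-256 of the public key inside a key, CSR or certificate file.
pubkey_digest() {  # $1 = key|csr|cert, $2 = path
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)    return 2 ;;
  esac
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Succeed only if the private key matches the FIRST certificate in the file.
# openssl x509 reads just the first PEM block, which is the same certificate
# Nginx pairs with ssl_certificate_key, so a bundle-first fullchain fails here.
key_matches() {  # $1 = private key, $2 = csr|cert, $3 = path
  want=$(pubkey_digest key "$1") || return 1
  have=$(pubkey_digest "$2" "$3") || return 1
  [ "$want" = "$have" ]
}

# Constructed sample input: a throwaway CA stands in for the real CA bundle.
# File names follow the post; nothing here touches a real key or certificate.
make_demo() {  # $1 = empty scratch directory
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
      -keyout ca.key -out ansatz.work.ca-bundle 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ansatz.work" \
      -keyout ansatz.work.key -out ansatz.work.csr 2>/dev/null &&
    openssl x509 -req -in ansatz.work.csr -CA ansatz.work.ca-bundle -CAkey ca.key \
      -CAcreateserial -days 1 -out ansatz.work.crt 2>/dev/null &&
    cat ansatz.work.crt ansatz.work.ca-bundle > ansatz.work.fullchain.crt &&
    cat ansatz.work.ca-bundle ansatz.work.crt > wrong-order.crt )
}

demo=$(mktemp -d) && make_demo "$demo" || exit 1
for f in ansatz.work.fullchain.crt wrong-order.crt; do
  if key_matches "$demo/ansatz.work.key" cert "$demo/$f"; then echo "$f: key matches"
  else echo "$f: key does NOT match first certificate"; fi
done
```

On the real server, call key_matches with the paths from nginx.conf; a non-zero exit means Nginx would refuse to load the pair.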

Follow the same process to renew the SSL certificate.