setup ssl on nearlyfreespeech host with namecheap-provided positivessl¶
- Hosted service with NearlyFreeSpeech with SSH access.
- A purchased PositiveSSL certificate from Namecheap.
Prepare a directory on your NearlyFreeSpeech server and move into it:
$ mkdir /home/protected/ssl $ cd /home/protected/ssl
Generate your private key and csr (certificate signing Request) file (adjust
myserver to your own domain, if desired):
$ openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out myserver.csr Generating a 2048 bit RSA private key ...
The command will prompt you with a series of questions. Provide:
- Your country name code, state/province, city.
- Enter your company name and unit name; or just
NAfor an individual.
- For common name, enter the domain you wish to enable the certificate for (for
- Provide your Email address.
- Default values for the rest.
After generation, you should have two (2) files:
|myserver.key||Private Key File|
|myserver.csr||Certificate Signing Request File|
With a purchased SSL certificate from Namecheap, start the activation process
(an “Activate” button should exist for your newly purchased key). The start of
the activation process will ask your for your CSR. Copy-n-paste the content from
myserver.csr file into the input. Validate that your “Primary Domain”
matches your target domain. For “Server Type”, ensure the option with
Apache is selected. Complete the confirmation process.
When your certificate moves from to you should be able to download the certificate by going to “Details –> Download Certificate”. This will invoke a download of a ZIP file which contains the following important files:
|www_example_org.ca-bundle||The Certificate Chain|
Upload both the
crt files to your
Verify your certificate by using the following command:
$ openssl verify -untrusted www_example_org.ca-bundle www_example_org.crt www_example_org.crt: OK
Enable TLS on your site by invoking the following command:
$ cat myserver.key www_example_org.crt www_example_org.ca-bundle | nfsn -i set-tls INFO: Enabling TLS for example.org INFO: Enabling front-end HTTPS for example.org INFO: Enabling TLS for www.example.org INFO: Enabling front-end HTTPS for www.example.org INFO: Flagging canonical name as HTTPS-enabled. e4: OK (example.org, www.example.org) e3: OK (example.org, www.example.org) e6: OK (example.org, www.example.org) e5: OK (example.org, www.example.org) OK: Setup was fully confirmed.
In a few moments, your certificate should be up and running.