Setup SSL on with Namecheap-provided PositiveSSL

The following outlines steps on how to enable SSL for a NearlyFreeSpeech hosted site. The SSL service used in this example is Namecheap’s PositiveSSL.


  • Hosted service with NearlyFreeSpeech with SSH access.

  • A purchased PositiveSSL certificate from Namecheap.


Prepare a directory on your NearlyFreeSpeech server and move into it:

$ mkdir /home/protected/ssl
$ cd /home/protected/ssl

Generate your private key and csr (certificate signing Request) file (adjust myserver to your own domain, if desired):

$ openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out myserver.csr
Generating a 2048 bit RSA private key

The command will prompt you with a series of questions. Provide:

  • Your country name code, state/province, city.

  • Enter your company name and unit name; or just NA for an individual.

  • For common name, enter the domain you wish to enable the certificate for (for example,

  • Provide your Email address.

  • Default values for the rest.

After generation, you should have two (2) files:




Private Key File


Certificate Signing Request File

With a purchased SSL certificate from Namecheap, start the activation process (an “Activate” button should exist for your newly purchased key). The start of the activation process will ask your for your CSR. Copy-n-paste the content from your myserver.csr file into the input. Validate that your “Primary Domain” matches your target domain. For “Server Type”, ensure the option with Apache is selected. Complete the confirmation process.


When your certificate moves from confirmation to issued image you should be able to download the certificate by going to “Details –> Download Certificate”. This will invoke a download of a ZIP file which contains the following important files:



The Certificate Chain


Your Certificate

Upload both the ca-bundle and crt files to your /home/protected/ssl directory.

Verify your certificate by using the following command:

$ openssl verify -untrusted www_example_org.crt
www_example_org.crt: OK

Enable TLS on your site by invoking the following command:

$ cat myserver.key www_example_org.crt | nfsn -i set-tls
INFO: Enabling TLS for
INFO: Enabling front-end HTTPS for
INFO: Enabling TLS for
INFO: Enabling front-end HTTPS for
INFO: Flagging canonical name as HTTPS-enabled.
e4: OK (,
e3: OK (,
e6: OK (,
e5: OK (,
OK: Setup was fully confirmed.

In a few moments, your certificate should be up and running.