VANHIEP.NET - Affordable Web Development - Website Design - Mobile App Design
How to create a self-signed SSL certificate?

If you only use a local domain, you cannot use Let's Encrypt, because it has to validate a real domain that is reachable on the internet. Instead, you can create a self-signed SSL certificate for use in a development environment or on an intranet.

How to create a self-signed SSL certificate

Below are the steps to create a self-signed SSL certificate and configure Nginx to use this certificate.

Step 1: Create a self-signed SSL certificate
You can use openssl to generate a self-signed certificate together with its private key:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt

Where:

-days 365: Certificate validity (365 days).
-keyout selfsigned.key: Name of the private key file.
-out selfsigned.crt: Name of the certificate file.

When you run the above command, openssl will prompt you for some information. For internal purposes you can skip the prompts or fill them in as you like.

Step 2: Configure Nginx to use a self-signed certificate
After creating the certificate, configure Nginx to use this certificate.

Add the following configuration to Nginx's configuration file:

server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        server_name localhost.vn;
        index index.php index.html index.htm;

        root /var/www/html;

        # Certificate and private key from Step 1; the files must exist at these paths
        ssl_certificate /etc/letsencrypt/selfsigned.crt;
        ssl_certificate_key /etc/letsencrypt/selfsigned.key;

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass wordpress:9000;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico {
                log_not_found off; access_log off;
        }
        location = /robots.txt {
                log_not_found off; access_log off; allow all;
        }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
        }
}

Step 3: Reload Nginx
After editing the configuration, reload Nginx so that it takes effect:

sudo systemctl reload nginx
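
The Step 1 command as a non-interactive script (an added example, not part of the original page). It also puts the hostname into the certificate's subjectAltName, which current browsers use for hostname matching instead of the common name, keeps the unencrypted key readable by its owner only, and checks the result. Assumptions: OpenSSL 1.1.1 or later (for -addext); the function names and the output directory argument are hypothetical; localhost.vn is the server_name from Step 2.

```shell
#!/bin/sh
# Added example: non-interactive variant of the Step 1 command.
# Assumes OpenSSL 1.1.1+ (-addext). Function names are hypothetical.
set -eu

# make_selfsigned <hostname> <outdir>
# Writes <outdir>/selfsigned.key and <outdir>/selfsigned.crt.
make_selfsigned() {
    host=$1
    outdir=$2
    mkdir -p "$outdir"
    # -nodes leaves the private key unencrypted on disk, so create it
    # under umask 077 (owner-only). The subshell keeps the umask local.
    (
        umask 077
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout "$outdir/selfsigned.key" \
            -out "$outdir/selfsigned.crt" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host"
    )
    # The certificate is public; only the key needs to stay private.
    chmod 644 "$outdir/selfsigned.crt"
}

# cert_has_san <crt> <hostname>
# Succeeds only if the certificate carries an exact DNS:<hostname> entry.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -qxF "DNS:$2"
}

# key_matches_cert <key> <crt>
# Succeeds only if the key file and the certificate hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Usage: make_selfsigned localhost.vn ./certs
```

Copy the two files to the paths named by ssl_certificate and ssl_certificate_key before reloading Nginx.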

Note
Browser trust warning: Because this is a self-signed certificate, the browser will show a security warning when you visit the website. During development, you can add the certificate to your browser's trusted list so that the warning no longer appears.
For internal or development environments only: Self-signed certificates are not suitable for production environments.