SSL Certificate Configuration Guide
SSL certificate provides HTTPS encryption for website, protecting user data security and improving website credibility.
Certificate Types
Domain Validation
Verify domain ownership, suitable for personal websites
Organization Validation
Verify enterprise identity, suitable for business websites
Extended Validation
Strict verification, display enterprise name, suitable for high-security websites like finance
Configuration Steps
Step 1: Select Certificate Type
Choose appropriate certificate based on website type. Personal/test websites can use free DV certificate (like Let's Encrypt).
Step 2: Apply for Certificate
Apply for certificate at certificate authority, complete domain verification (DNS verification or file verification).
Step 3: Download Certificate Files
Download certificate files, usually include: certificate file (.crt/.pem), private key file (.key).
Step 4: Configure Server
Configure SSL certificate in web server (Nginx/Apache), enable HTTPS.
Step 5: Verify Configuration
Visit https://yourdomain.com to verify certificate is effective, check if browser shows security indicator.
Nginx Configuration Example
server {
listen 443 ssl;
server_name yourdomain.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
}Notes
- Certificate and private key files should be kept safe
- Certificates have expiration dates, need regular renewal
- Let's Encrypt certificate is valid for 90 days, can configure auto-renewal
- Recommend forcing HTTPS, redirect HTTP to HTTPS
FAQ
How to get free SSL certificate?
Use Let's Encrypt free certificate, apply and renew automatically through Certbot tool.
What if certificate expires?
Renew certificate in advance. Let's Encrypt can configure auto-renewal, commercial certificates need manual renewal.