Namecheap for SSL Certificates

July 31, 2015

I recently integrated Stripe onto one of my websites. It was a much simpler integration than the abomination that is PayPal!

As part of this, I was required to enable HTTPS for the entire site. I did this using a very cheap (about £5) certificate from Namecheap. The process was easy, and full instructions were provided.

In order to install this certificate into nginx, I configured a new site. This copied the config from the existing site (on port 80), and added in the following changes:

listen: 443;

ssl on;
ssl_certificate  /etc/nginx/certs/certificate.crt;
ssl_certificate_key  /etc/nginx/certs/certificate.key;

#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

ssl_prefer_server_ciphers on;

I then modified the old site configuration so it did a permanent (301) redirect from the http version into the https one:

server {
    listen   80;
    server_name  domain.co.uk domain.com;
    return 301 https://domain.co.uk$request_uri;
}

I chose to redirect the .com domain to https on .co.uk, so I could get away with having just one certificate.