At this point, you should have received two files from your certificate authority: your site's certificate file (.crt), and an additional certificate file containing information relative to the certificate authority itself. These two files must be concatenated into one using the following command:

# cat your_site_certificate.crt certificate_authority.crt > example.com.crt 

The order is important: your site's certificate first, followed by your CA's certificate. Now that this is done, two files are required to finalize your Nginx configuration:

• Your private key file generated during the first step (example.com.key)
• The certificate file we generated just now (example.com.crt)

Store them in a secure location, but keep in mind Nginx must have read permission in order to function properly. We will now edit your Nginx configuration to enable HTTPS.

Open the existing server block for your domain, and append the following directives after the listen 80; line:

# Listen on port 443 using SSL and make it the default server 
listen 443 default_server ssl; 
 
# Specify the path of your .crt and .key files 
ssl_certificate     /etc/ssl/private/example.com.crt; 
ssl_certificate_key /etc/ssl/private/example.com.key; 
 
# Enable session caching, increase session timeout 
ssl_session_cache shared:SSL:20m; 
ssl_session_timeout 60m; 
 
# Disable SSL in favor of TLS (safer) 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
 

Save your configuration and reload Nginx. At this point, you are able to browse your site via HTTPS (while HTTP is still enabled); however, we must inform WordPress that the site URL has changed. Open your WordPress site control panel; go to Settings | General, and update the site address:

Furthermore, if your custom theme includes elements linked statically, you will want to update your URLs by replacing http with https (or better, by removing the protocol altogether since modern web browsers are clever enough to use the correct one automatically).