Custom HTTPS Certificate

All SpinupWP Servers come with Certbot preinstalled so that you can use a free Let’s Encrypt certificate to secure traffic to and from your websites. While Let’s Encrypt certificates are more than suitable for most WordPress websites, you might be in a situation where you need to use a custom certificate from an external certificate authority like DigiCert or Thawte. In this case, you will need to copy the certificate and its associated private key to your server and enable the custom certificate in your SpinupWP dashboard.

Copy the Custom Certificate Files to Your Server

Typically a custom certificate will be made up of two files, the actual certificate file and its private key file. Depending on the certificate you requested, you may have a primary certificate and intermediate certificates, which you will need to combine into one certificate file. You will need to combine them into a single certificate file in the following order: the primary certificate comes first, then the intermediate certificates.

This can be done by simply opening the intermediate certificates in a text file editor, pasting the details of the intermediate certificates into the file after the primary certificate, and saving the file. You can also concatenate the files via your terminal:

cat primary-certificate.crt intermediate-certificate.crt > certificate-bundle.crt

Once you have your certificate file and your private key, you need to copy them to the relevant server using any valid sudo user.

scp certificate-bundle.crt spinupwp@turnipjuice.media:~/
scp private-key.key spinupwp@turnipjuice.media:~/

The files will have been copied to the sudo user’s home directory. Although you can store the certificate files anywhere on your server, we recommend placing them in the following directory path: /etc/nginx/ssl/{DOMAIN}/, where {DOMAIN} is the domain name of the relevant site for the certificate. The /etc/nginx/ssl/ directory may not exist on your server, so you will need to SSH in using your sudo user and create it, as well as the relevant site-related directory.

sudo mkdir -p /etc/nginx/ssl/turnipjuice.media

After you’ve created the site’s SSL directory, move the files into place.

sudo mv ~/certificate-bundle.crt /etc/nginx/ssl/turnipjuice.media/
sudo mv ~/private-key.key /etc/nginx/ssl/turnipjuice.media/

It’s a good idea to ensure that the files have the correct ownership and file permissions. The certificate file permissions should be set to 644 and the private key to 600, and both should be owned by root.

sudo chmod 644 /etc/nginx/ssl/turnipjuice.media/certificate-bundle.crt
sudo chmod 600 /etc/nginx/ssl/turnipjuice.media/private-key.key

Finally, set the directory and files to be owned by the root user.

sudo chown -R root:root /etc/nginx/ssl/turnipjuice.media

Configure An Existing Site to Use the Custom Certificate

To configure a custom certificate for an existing site, navigate to the site dashboard in SpinupWP and then click HTTPS in the site menu.

Select the “I will provide the certificate and manage it myself” radio button, which will display fields for the Certificate and Private Key. Enter the path to both files you uploaded earlier, and click the Save button.

If everything is configured correctly, the certificate details will display as a custom certificate at the bottom of the screen.

custom HTTPS certificate

Configure A New Site to Use the Custom Certificate

To use a custom certificate for a new site, select the “I will provide the certificate and manage it myself” radio button under “Enable HTTPS (SSL/TLS certificates)” in the Domain step of the New Site wizard. Then the path to both files you uploaded earlier, and click the Next button.