SSL_Nginx

How to Set Up Multiple SSL Certificates on One IP with Nginx on Ubuntu 24.04

In the world of web hosting, security is paramount. With various websites being hosted on the same server, it’s imperative to set up SSL certificates correctly to ensure that each site communicates securely with its users. In this blog post, we’ll guide you through the process of setting up multiple SSL certificates on a single IP address using Nginx on Ubuntu 24.04.

What is SSL?

SSL (Secure Sockets Layer) is a protocol for establishing a secure and encrypted link between a server and a client—typically a web server and a browser. SSL certificates are essential for ensuring that data transferred between a user’s browser and your website is private and secure.

Why Use Multiple SSL Certificates?

Traditionally, each hostname would require a unique IP address for its SSL certificate, leading to the inefficient use of resources. However, with the advent of Server Name Indication (SNI), it’s now possible to host multiple SSL certificates on a single IP address. This allows multiple secure sites to coexist, saving both IP addresses and costs, while improving management.

Prerequisites

Before we dive into the setup, ensure that you have the following:

  • A server running Ubuntu 24.04.
  • Nginx installed. You can install Nginx using the following command:
  sudo apt update
  sudo apt install nginx
  • Access to your domain names with the ability to configure DNS settings.
  • SSL certificates for your domains. You can obtain these from a Certificate Authority (CA) or through Let’s Encrypt.

Step-by-Step Guide to Setting Up Multiple SSL Certificates

Step 1: Install Certbot

If you don’t have SSL certificates yet, one of the easiest ways to get them is to use Certbot, which automates the process of obtaining and renewing Let’s Encrypt certificates.

Install Certbot and the Nginx plugin:

sudo apt install certbot python3-certbot-nginx

Step 2: Obtaining SSL Certificates

Use Certbot to obtain SSL certificates for your domains. Run the following command for each domain you want to secure:

sudo certbot --nginx -d yourdomain1.com -d www.yourdomain1.com
sudo certbot --nginx -d yourdomain2.com -d www.yourdomain2.com

Certbot will automatically configure Nginx for you, but it’s a good idea to double-check the configuration files.

Step 3: Configuring Nginx

If you have SSL certificates already, you will need to manually configure Nginx. Open or create a new configuration file for each domain in the /etc/nginx/sites-available/ directory. For example:

For Domain 1: /etc/nginx/sites-available/yourdomain1.com

server {
    listen 80;
    server_name yourdomain1.com www.yourdomain1.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain1.com www.yourdomain1.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain1.com/privkey.pem;

    # Your site configuration
    location / {
        root /var/www/yourdomain1.com;
        index index.html index.htm;
    }
}

For Domain 2: /etc/nginx/sites-available/yourdomain2.com

server {
    listen 80;
    server_name yourdomain2.com www.yourdomain2.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain2.com www.yourdomain2.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain2.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain2.com/privkey.pem;

    # Your site configuration
    location / {
        root /var/www/yourdomain2.com;
        index index.html index.htm;
    }
}

Step 4: Enabling Your Configuration

Next, create symbolic links to the sites in the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/yourdomain1.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/yourdomain2.com /etc/nginx/sites-enabled/

Step 5: Testing Nginx Configuration

Before applying the changes, it’s essential to test the Nginx configuration for any syntax errors. Run:

sudo nginx -t

If there are no errors, you should see output confirming that the configuration is OK.

Step 6: Restart Nginx

Finally, restart Nginx to apply the changes:

sudo systemctl restart nginx

Conclusion

Setting up multiple SSL certificates on a single IP with Nginx on Ubuntu 24.04 is a straightforward process that can significantly enhance your web security. By following these steps, you can ensure that your multiple domains are secure and compliant with modern web standards.

Always remember to renew your SSL certificates to maintain secure connections. For Let’s Encrypt certificates, this can be automated using cron jobs, which Certbot can help set up during the installation phase.

If you have any questions or need assistance with your setup, feel free to reach out through the comments below. Happy hosting!

Additional Resources

Make sure to share this post if you found it helpful!