How to install free SSL Certificate

In this article you will learn how to create, install and configure the SSL certificate in GrandNode.

1. How to create free SSL certificate

In this guide I will use the ZeroSSL site, which provides Let's Encrypt SSL certificates. To create free SSL certificate please go to: https://zerossl.com/free-ssl/#crt

Fill the "Domains" field. For example grandnode.com. Then we have two ways of verification. I will show you how to verify domain on Azure websites, in this case we will have to use HTTP verification.

After clicking on the Next button, the system will generate the CSR for you. You should copy it somewhere or download to your disk. Press next again. In the next step, you will receive the generated private key for you certificate. Download or copy it.

Now you will see the most tricky part of that guide. But please stay calm, it only looks as hard. In the GrandNode 4.40 we added a new feature, that ignores the /well-known/acme-challenge/ path on the server, so you are able to add required file to the GrandNode and verify the SSL. 

To create the required file, we need to login to our server. You can do it via FTP client or for example via Putty. I chose the second way. Go to your GrandNode directory and find the wwwroot/content/acme folder. In the mentioned directory create the required file. You can do it manually via FTP client or via the following command:

vi <file name that ZeroSSL website provided>

It will create an empty file, inside the editor, please paste the content of file. You will find it on the ZeroSSL website. Save changes with the ESC + :wq combination.

The verification step is over. You can check the results of your work, just click the link on the file name on ZeroSSL website. If you see the content of file, that you saved a while ago, it will mean that everything is fine. 

It's time to verify domain, please click the "Next" button on ZeroSSL page. In the last step you will find two files - domain.crt and domain.key file. You have to upload them to your server. I will describe that process in the next step.

2. How to install free SSL certificate

This step is very simple. You can base on tutorials available on the web, but let's look at the steps that I take to install SSL on nginx server. 

Open the web server, I used a Putty to connect to it. Go to the nginx directory - /etc/nginx. Create the ssl directory, I used the mkdir command to create it.

It's required to keep your SSL files in the correct directory. When you finished the last step during the SSL creation, you got two files. Please paste them into the /etc/nginx/ssl directory. 

In the next step you will have to modify default.conf of your server. Open it and add following lines:

listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

ssl_certificate /etc/nginx/ssl/domain.crt;
ssl_certificate_key /etc/nginx/ssl/domain.key;

After that please check the nginx configuration with nginx -t command. If everything is fine, you will have to reload configuration with systemctl reload nginx command. 

3. How to configure SSL certificate in GrandNode

Now it's the time for last touches. Please go to the App_Data directory of GrandNode and edit the appsettings.json file. The most important settings if you use nginx, is at the beginning of the file. 

The UseForwardedHeaders setting must have the "True" value. After that change, restart application and go to Admin panel. In the Configuration -> Stores section, edit the current store and mark the "SSL Enabled" settings. Enter the Secure host value and save changes. And that's all! As I told you, it looks complicated, but it's easy even for beginners.