# NGINX: Deploy SSL Certificate

Here's quick instructions for deploying an SSL key/cert pair to an NGINX instance.

<p class="callout info">NOTE: These steps are assumed to be executed as root.</p>

#### Elevate to Root

Elevate to root with this:

```bash
sudo -i
```

#### Create SSL Folder

By default, a fresh NGINX install doesn't yet contain a folder for certificates.

Create the ssl folder, with this:

```bash
mkdir /etc/nginx/ssl
```

#### Set Folder Permissions

We need to constrain access to the private SSL keys, with the following:

<p class="callout info">NOTE: NGINX runs as root, so this is fine.</p>

```bash
chmod 0600 -R /etc/nginx/ssl
chown root:root -R /etc/nginx/ssl
```

#### Copy SSL Cert

Create files in the SSL folder for the public crt and private key files, like this:

[![image.png](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/scaled-1680-/HqYGhtmKzVQAnf7X-image.png)](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/HqYGhtmKzVQAnf7X-image.png)

Paste the content of your private key and public cert into the files.

#### Set File Permissions

Once added, constrain access, with the following:

```bash
# All certs readable
chmod 644 *.crt

# All keys locked down
chmod 600 *.key

# Make sure ownership is correct
chown root:root *.crt *.key
```

#### Restart NGINX

Once certs are pasted in, you need to restart NGINX for the new certs to take effect, with this:

```bash
nginx -s reload
```