Upgrading a CAcert.org Server Certificate (nginx)
Please don't ask me to consider anything else; I choose CAcert even though it isn't "trusted". But what use is trust that can be bought with $$$? CAcert are certainly trustworthy in my opinion. If you think so too you might want to import their root certificate from this page. I also wrote an article about https explaining (amongst other things) why I reject that other certificate provider that everybody seems to use nowadays.
In fact I already have a CAcert certificate, but it ran out a long time ago.
I am assuming that upgrading the certificate is the same as installing a new one.
Create and change into a dedicated directory for the following steps, presumably something under /etc that isn't going to be used by other software.
Following the tutorial, I ran:
openssl req -newkey rsa:4096 -subj /CN=www.example.org -nodes -keyout example_key.pem -out example_csr.pem
changing only "www.example.org" to my domain.
And so on, following the tutorial step-by-step.
I did not move the files anywhere else when asked to do so, but I did move the certificate request example_csr.pem to a subdirectory. It gets confusing otherwise.
When downloading the attached CAcert_chain.pem I had to convert its line endings from Windows to Unix!!!
Every self-respecting Linux editor can do that. Try geany. Or some command line tool (
That said I haven't tried using it as it is.
The tutorial ends with Apache configuration. I had some difficulty with it because nginx does things differently.
For a complete explanation of how to configure an nginx https server, go here.
In the end I used only two files. Here's part of my nginx site configuration:
ssl_certificate /etc/something/example_cert.pem;
ssl_certificate_key /etc/something/example_key.pem;
There's an option to concatenate a certificate bundle with the certificate I received from CAcert.
I assume the bundle is CAcert_chain.pem and corresponds to the last line of the Apache config example.
So I tried
cat example_cert.pem CAcert_chain.pem > example_cert.chained.pem
and pointed ssl_certificate to the resulting file in my nginx site config.
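The line-ending conversion and the concatenation described above can be done in one step. The script below is an added example, not part of the original post or the CAcert tutorial; the function names normalize_pem and build_chained_pem are hypothetical, and the file names are the ones used above. It strips Windows line endings, guards against a missing final newline (which would fuse two PEM markers into one line), and writes the server certificate first, the order nginx expects.

```shell
#!/bin/sh
# Added example: build the chained file for nginx's ssl_certificate.
# Usage: sh build_chain.sh example_cert.pem CAcert_chain.pem example_cert.chained.pem

# Print a PEM file with CRs removed, blank lines dropped and a final newline.
normalize_pem() {
    tr -d '\r' < "$1" | awk 'NF { print }'
}

# build_chained_pem SERVER_CERT CHAIN OUT
# Writes SERVER_CERT followed by CHAIN to OUT; returns non-zero on bad input.
build_chained_pem() {
    cert=$1 chain=$2 out=$3
    for f in "$cert" "$chain"; do
        if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "no certificate block in $f" >&2
            return 1
        fi
    done

    # Server certificate first, then the intermediate/root bundle.
    { normalize_pem "$cert"; normalize_pem "$chain"; } > "$out.tmp" || return 1

    # Every BEGIN marker must sit on its own line and have a matching END.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----$' "$out.tmp" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----$' "$out.tmp" || true)
    if [ "$begins" -ne "$ends" ] || [ "$begins" -lt 2 ]; then
        echo "malformed PEM: $begins BEGIN / $ends END markers" >&2
        rm -f "$out.tmp"
        return 1
    fi
    mv "$out.tmp" "$out"
}

# Run only when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    build_chained_pem "$1" "$2" "$3"
fi
```

After pointing ssl_certificate at the output file, nginx -t checks the configuration before a reload.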