How to install SSL Certificate?


1. First, go to your SSL Certificates Dashboard. Choose "SSL Certificates" in the "Services" menu:


2. Add new certificate by clicking the blue button "Add cert" or orange button "Get now certificate" if you don't have any certificates yet:


3. Buy SSL Certificate. Choose time period and currency using pop-down menus over the table and make a payment:


4. Generate CSR and enter it. The instruction is here:

  Then press the button "READ MY CSR":


5. Select your e-mail you want to receive a confirmation letter to. Open the confirmation letter and follow its instructions to validate your SSL certificate.


6. After successful validation, the status in your CleanTalk Control Panel will be changed to "Active". Your SSL Certificate is ready to be used.


7. Set up your web server. Setup instructions for Nginx and Apache see below.

> > > Please, keep in mind the following information.


> > > If you use a Virtual Hosting and don't have access to your web server command line you can contact your Hosting Service Support and they will install your certificate for you.




Nginx Web Server


Combine everything for nginx:

  1. Combine crt files into a bundle (the order matters, here):

cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt


  2. Store the bundle wherever nginx expects to find it:

mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/


  3. Ensure your private key is somewhere nginx can read it as well:

mv example_com.key /etc/nginx/ssl/example_com/


  4. Make sure your nginx config points to the right cert file and to the private key you generated earlier:

server { listen 443;

ssl on; ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt; ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;

# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# ...



  5. Restart nginx.


Apache Web Server


Apache on Ubuntu 14.04.


Make a backup of your configuration file by copying it. Assuming your server is running on the default virtual host configuration file, /etc/apache2/sites-available/000-default.conf, use these commands to to make a copy:

cd /etc/apache2/sites-available cp 000-default.conf 000-default.conf.orig 


Then open the file for editing:

sudo vi 000-default.conf


Find the <VirtualHost *:80> entry and modify it so your web server will listen on port 443:

<VirtualHost *:443> 


Then add the ServerName directive, if it doesn't already exist (substitute your domain name here):



Then add the following lines to specify your certificate and key paths (substitute your actual paths here):

SSLEngine on SSLCertificateFile /home/sammy/ SSLCertificateKeyFile /home/sammy/


If you are using Apache 2.4.8 or greater, specify the CA intermediate bundle by adding this line (substitute the path):

SSLCACertificateFile /home/sammy/intermediate.crt


If you are using an older version of Apache, specify the CA intermediate bundle with this line (substitute the path):

SSLCertificateChainFile /home/sammy/intermediate.crt


At this point, your server is configured to listen on HTTPS only (port 443), so requests to HTTP (port 80) will not be served. To redirect HTTP requests to HTTPS, add the following to the top of the file (substitute the name in both places):

<VirtualHost *:80> ServerName Redirect permanent / </VirtualHost>


Save and exit.


Enable the Apache SSL module by running this command:

sudo a2enmod ssl


Now restart Apache to load the new configuration and enable TLS/SSL over HTTPS!

sudo service apache2 restart


Test it out by accessing your site via HTTPS, e.g.

You will also want to try connecting via HTTP, e.g. to ensure that the redirect is working properly!