When you generate a Let’s Encrypt SSL certificate using the WP Encryption WordPress plugin, your SSL certificate and private keys are stored inside the keys/ directory within your WordPress site directory. Your private key should never be publicly accessible, so on Apache servers the plugin blocks access to the keys/ directory with an .htaccess file that it inserts.
Nginx does not support .htaccess files, so on Nginx servers you need to manually insert a rule into the nginx.conf file in order to secure the keys/ directory. This is also clearly stated in the plugin's disclaimer.
Step-by-step instructions to secure the private key on an Nginx server:
Since our private key (private.pem) is stored within the keys/ directory, we will focus on restricting access to that directory. You can follow the same approach to safeguard any directory on an Nginx server.
1. Log in to your SSH console as the root user.
2. Navigate to /etc/nginx/ using the command below:
cd /etc/nginx
3a. If you see a wordpress.conf file, modify it directly using the nano command.
nano wordpress.conf
3b. If you can't find a wordpress.conf file, navigate to the sites-enabled directory and modify the default .conf file using the nano command.
cd /etc/nginx/sites-enabled
4. Add the lines below just before the closing brace of the server {} block:
server {
    ...
    # Refuse every request whose path contains /keys/
    location ~ /keys/.*$ {
        return 503;
    }
}
5. Finally, save the changes by pressing CTRL + O and restart the Nginx server once using the command below.
service nginx restart
Now try to access YOURSITE.com/keys/private.pem to make sure it's not publicly accessible.
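The check in the last step can be scripted so it is repeatable after every configuration change. The script below is an added example, not part of the WP Encryption plugin or the original instructions; the function names, the base URL argument and the list of paths are assumptions, while private.pem is the file name given above.

```shell
#!/bin/sh
# Added example: confirm that nothing under keys/ is served once the rule is in place.

# classify_response HTTP_CODE BODY_FILE
# Returns 0 = blocked, 1 = exposed, 2 = inconclusive.
classify_response() {
    code=$1
    body=$2
    # A PEM private-key header in the body is a leak whatever the status code.
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$body" 2>/dev/null; then
        return 1
    fi
    case $code in
        2??)     return 1 ;;  # content was served: the location rule is not in effect
        4??|5??) return 0 ;;  # refused, e.g. the 503 returned by the rule above
        *)       return 2 ;;  # 000 (no response) or an unresolved redirect
    esac
}

# check_site BASE_URL   e.g. check_site https://YOURSITE.com
# BASE_URL and the path list are assumptions; private.pem is the name used above.
check_site() {
    base=$1
    worst=0
    tmp=$(mktemp) || return 2
    for path in /keys/private.pem /keys/; do
        : > "$tmp"   # never judge a stale body from the previous request
        http=$(curl -sS -L --max-time 10 -o "$tmp" -w '%{http_code}' "$base$path") || http=000
        rc=0
        classify_response "$http" "$tmp" || rc=$?
        case $rc in
            0) echo "blocked       $path (HTTP $http)" ;;
            1) echo "EXPOSED       $path (HTTP $http)"; worst=1 ;;
            *) echo "inconclusive  $path (HTTP $http)"; [ "$worst" -eq 1 ] || worst=2 ;;
        esac
    done
    rm -f "$tmp"
    return "$worst"
}

# Run the check only when a base URL is passed on the command line.
if [ $# -gt 0 ]; then
    check_site "$1"
fi
```

A non-zero exit status means at least one path was served or could not be checked.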