Skip to content
wp encryption ssl

WP Encryption

WordPress SSL Plugin

  • ChatGPT AI Content Writer WordPress Plugin
  • Cookie Policy
  • DOCS
  • Hire WordPress SSL Expert
  • Introducing Cert Panel
  • Refund Policy
  • Sitelock Monitor Features
  • WordPress Mixed Content Scanner
  • WordPress SSL Solution
  • WP ENCRYPTION CDN

Restrict Private Key Access on Nginx Server

Home > Docs > Restrict Private Key Access on Nginx Server
Note: Modifying server config files via SSH console is a complicated process and may break your site if not done perfectly. If you are not an SSH expert, We highly recommend upgrading to PRO version and let our premium support handle / help with this server setup.

When you generate Let’s Encrypt SSL certificate using WP Encryption WordPress plugin, your SSL certificate and private keys are stored inside keys/ directory within your WordPress site directory. It is obvious that your private key should never be exposed to public view, so the access to keys/ directory is blocked with .htaccess file inserted by the plugin on Apache servers.

Whereas on Nginx servers, this htaccess is not supported and you will need to manually insert a rule into nginx.conf file in order to secure keys/ directory. The same have been clearly specified in the disclaimer of the plugin too.

Step by step instructions to secure private key on Nginx server:

Since our private key (private.pem) is stored within keys/ directory, we will be focusing on restricting access to keys/ directory. You can follow this approach to safeguard any directory on Nginx server.

1. Login to your SSH console as root user.

2. Navigate to /etc/nginx/ using below command

cd /etc/nginx

3a. if you see wordpress.conf file, modify it directly using the nano command.

nano wordpress.conf

3b. If you couldn’t find wordpress.conf file, navigate to sites-enabled directory and modify the default .conf file using nano command

cd /etc/nginx/sites-enabled

4. Add the below lines of code just before the closing server {} block

server {
...

  location ~ /keys/.*$ {
    return 503;
  }

}

5. Finally, save the changes by pressing CTRL + O and restart Nginx server once using below command.

service nginx restart

Now you can access YOURSITE.com/keys/private.pem to make sure its not publicly accessible.

Post navigation

Fix ERR_SSL_VERSION_INTERFERENCE SSL Error on Chrome

Archive

  • Restrict Private Key Access on Nginx Server
  • Fix ERR_SSL_VERSION_INTERFERENCE SSL Error on Chrome
  • Fix Let’s Encrypt “R3” Root Certificate Expired or SSL Not Trusted Issue
  • ERR_CERT_AUTHORITY_INVALID | R3 Certificate is Expired
  • Secure Webmail & Email with an SSL/TLS Certificate

Categories

  • Apache
  • Bitnami
  • DOCS
  • Linux
  • Nginx
  • OpenLightSpeed
  • Plesk
  • SSL Error
  • Ubuntu
  • Uncategorized
  • WHM
  • WordPress

Tags

AWS Bluehost browser chrome compatibility Digital Ocean ERR_TOO_MANY_REDIRECTS Hostgator HTTPS Linux Mapped Domains Multisite SSL webadmin WHM
© 2020-2023   | Terms & Conditions | Refund Policy | Premium Support | Hire SSL Expert | Docs