
Remediation Steps

Follow the steps below to remediate this finding on an Nginx web server.

  1. Obtain a certificate from a trusted CA. For Let's Encrypt, use Certbot:

    sudo apt install certbot python3-certbot-nginx
    sudo certbot --nginx -d yourdomain.com
  2. In nginx.conf, configure:

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
  3. The fullchain.pem includes the intermediate certificates required for chain trust.

  4. Reload Nginx:

    sudo systemctl reload nginx
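
To confirm step 3 on a host, the following added example (not part of the original remediation text) lists each active ssl_certificate directive in a config file and flags files that hold fewer than two PEM certificate blocks. It assumes such a file is a leaf-only certificate without intermediates; the function names and the sample files written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report ssl_certificate files
# that hold only a leaf certificate, i.e. no intermediates for chain trust.

# Count PEM certificate blocks in a file (prints 0 when there are none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print the file path of each active ssl_certificate directive.
# ssl_certificate_key and commented-out lines do not match.
list_cert_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*$/\1/p' "$1"
}

# Check every ssl_certificate in config file $1; returns 1 on any problem.
check_chain() {
    rc=0
    for path in $(list_cert_paths "$1"); do
        if [ ! -r "$path" ]; then
            echo "MISSING   $path"; rc=1; continue
        fi
        n=$(count_certs "$path")
        if [ "$n" -lt 2 ]; then
            echo "LEAF-ONLY $path"; rc=1
        else
            echo "OK        $path ($n certificates)"
        fi
    done
    return "$rc"
}

# Constructed sample: placeholder PEM blocks (not real certificates) and two
# configs under directory $1, one using fullchain.pem and one using cert.pem.
make_sample() {
    pem() { printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----'; }
    pem > "$1/cert.pem"
    { pem; pem; } > "$1/fullchain.pem"
    printf 'server {\n  ssl_certificate %s;\n  ssl_certificate_key %s;\n}\n' \
        "$1/fullchain.pem" "$1/privkey.pem" > "$1/good.conf"
    printf 'server {\n  # ssl_certificate %s;\n  ssl_certificate %s;\n}\n' \
        "$1/fullchain.pem" "$1/cert.pem" > "$1/bad.conf"
}

# Usage: sh check_chain.sh /etc/nginx/nginx.conf
if [ $# -gt 0 ]; then check_chain "$1"; fi
```

The check counts certificate blocks only; it does not validate signatures, expiry, or that the blocks form a chain to a trusted root.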