Attention! This solution is temporary; new BitrixVA/BitrixEnv versions will have more convenient support for user SSL certificates.
Suppose you have a site http://site1.bx and need to switch it to the secure HTTPS protocol.
Proceed as follows:
First, obtain an SSL certificate from a certification authority of your choice. You should have the following files:
site1.bx.key - domain private key (created by you when sending a request for certificate or sent by a certification authority)
site1.bx.crt - domain public certificate (sent by the certification authority)
Attention! If the default SSL certificate in BitrixVA/BitrixEnv is replaced with a password-protected one, the wizards and service restarts will stop working properly: the password will be requested continuously. To avoid such problems, remove the password from the certificate:
After that, upload the certificates received from the authority, for example, to the /etc/nginx/ssl/ directory, via any file manager that works over the SFTP protocol (for example, WinSCP).
The following commands are executed in the BitrixVA/BitrixEnv Virtual Appliance console (select 0. Exit in the main menu) or performed as equivalent actions in the file manager, whichever is more convenient.
When the BitrixVA/BitrixEnv Virtual Appliance is updated, the standard nginx files can be rewritten automatically, so the config file ssl.conf should be copied to a new file site1.bx_ssl.conf (the file can have any name). If you have several sites, it is convenient to do this for each of them:
Then edit the file /etc/nginx/bx/conf/site1.bx_ssl.conf and specify the location of site1.bx.key (domain private key) and of site1.bx.crt (domain public certificate) in the nginx ssl_certificate_key and ssl_certificate directives, respectively.
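A pre-flight check for the two points above (the key must not be password-protected, and the key and certificate referenced in the directives must belong together), as an added example that is not part of the original Bitrix instructions. The function names are hypothetical, the paths in the usage comment follow the page, and the expiry and file-permission checks go beyond what the text covers.

```shell
#!/bin/sh
# Pre-flight checks for an nginx key/certificate pair (added example, hypothetical names).
# Usage: preflight /etc/nginx/ssl/site1.bx.key /etc/nginx/ssl/site1.bx.crt

# 0 if the key file is passphrase-protected (PKCS#8 or legacy PEM encryption).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 if the public key derived from the private key equals the one in the certificate.
key_matches_cert() {
    # "-passin pass:" supplies an empty passphrase so openssl never prompts.
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# 0 if the certificate is still valid $2 seconds from now (default 0 = right now).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# 0 if group and others have no access to the key file.
key_perms_ok() {
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all checks; print one line per failure and return the number of failures.
preflight() {
    fails=0
    if key_is_encrypted "$1"; then
        echo "FAIL: $1 is passphrase-protected; services will prompt on every restart"
        fails=$((fails + 1))
    elif ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $1 does not belong to $2"
        fails=$((fails + 1))
    fi
    cert_not_expiring "$2" || { echo "FAIL: $2 is expired or unreadable"; fails=$((fails + 1)); }
    key_perms_ok "$1" || { echo "FAIL: $1 is accessible to group/others"; fails=$((fails + 1)); }
    return "$fails"
}
```

A return value of 0 from preflight means the pair is safe to reference from the site's ssl config; any other value is the number of failed checks.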
Open the file /etc/nginx/bx/site_avaliable/bx_ext_ssl_site1.bx.conf and find the following line in it:
and change it to:
Note: For default site s1 (which is located in the /home/bitrix/www directory) the file name will be /etc/nginx/bx/site_avaliable/s1.ssl.conf, and for additional sites (which are created in the /home/bitrix/ext_www/host_name directory) - /etc/nginx/bx/site_avaliable/bx_ext_ssl_host_name.conf.
Verify that the nginx configuration files contain no errors:
If everything is ok, restart nginx:
service nginx restart
systemctl restart nginx.service
Then, optionally, the site can be switched to work over the HTTPS protocol only, via the menu 6. Manage sites in the pool > 5. Change https settings on site. A description of how to do it can be found here.
Now, even if the standard nginx configuration files are modified by an update of the BitrixVA/BitrixEnv Virtual Appliance, the site will continue to work over the HTTPS protocol.