Purchasing an SSL certificate requires creating a Certificate Signing Request (CSR) which you can do on your host using:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
When you purchase your certificate from your vendor, you’ll provide the text content from your CSR file. Once you have the certificate files (normally a .crt and a .key file), transfer them to your server, and place them somewhere like /etc/ssl-certs/.
In your /etc/nginx/nginx.conf (or /etc/nginx/sites-enabled/default), add to the server { } block:
server { listen 443 ssl; ssl on; ssl_certificate /etc/ssl-certs/yourdomain_com.crt; ssl_certificate_key /etc/ssl-certs/yourdomain.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; # rest of server config }
Restart nginx with:
sudo service nginx restart
This is documented in the nginx docs here.