Suppose you have a domain greproot.com for which you want to enable SSL. Make sure you have a dedicated IP for the domain. Say, 220.127.116.11 is the dedicated IP address for greproot.com
First, decide where you want to keep your certs and keys. In my case, I am going to place it in /etc/ssl/certs/ and /etc/ssl/keys respectively.
Now we need to generate CSR and key for the greproot.com, get the cert signed and then install SSL.
Now we have the CSR and key. If you do not need a signed cert, then you can create a self signed certificate from the above CSR and key. If you need a signed cert, take the CSR to a valid certificate signing authority, get it signed and place it in the server at /etc/ssl/certs/greproot.com.crt
Now, whether it be a valid cert or self signed, you have the certificate at /etc/ssl/certs/greproot.com.crt. Now you need to add this to your nginx configuration file. If you want to access greproot.com with both http and https, you should have two separate server modules in the same configuration file – one for http and other for https. To add SSL, all you need to do is, just copy the server module as such and place it at the end of the file. The second one will be used for SSL and will be modified to mention the cert and key path.
Now try accessing the site at https://greproot.com