I am migrating a server I inherited; it has a signed certificate.
The server is a "LERP"-stack (Linux Nginx Rails Passenger). The previous maintainer stored the certificates under /etc/nginx/; I doubt this is the conventional place to store them in Ubuntu or Debian.
But where should I store them? I have:
example.com.crt
example.com.csr
example.com.key
SSL123_CA_Bundle.pem
nginx, running as www-data, needs read-access to these files.
I am currently not running a mailserver or proxy server, but I would assume the "preferred place" to store the certificates on a Debian or Ubuntu server would be somewhere where Dovecot or Squid and such have access to the certs too, if they are implemented.
If nginx is the only thing requiring the certificates running on that box, it doesn't feel particularly wrong to me to keep the files in the /etc/nginx hierarchy. Certainly, anyone interested can look at the configuration file in /etc/nginx/sites-enabled to find the location of the cert and key.
If there are other services, Ubuntu should be providing an /etc/ssl hierarchy if you've installed certain packages: