Ubuntu with Apache2: Installing and Configuring Your SSL Certificate

Use free/paid SSL certificates


Enable SSL Module

sudo a2enmod ssl

Apply SSL Module to Site

sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart

  1. Replace ‘default-ssl’ with the real site name you set up in /etc/apache2/sites-available/.
  2. Once the site listed in the command above is enabled, the site appears in /etc/apache2/sites-enabled.

Cipher Suite

  • Once you run the sudo a2enmod ssl command, edit the ssl.conf file in /etc/apache2/mods-enabled.
  • If you haven’t run the a2enmod command yet, preconfigure the ssl.conf file in /etc/apache2/mods-available.

If there is a change in ports


  1. Copy the certificate files to your server.
    1. Log in to your Cert account and download the intermediate (certificate.crt) and your primary certificate (your_domain_name.crt) files.
    2. Copy these files, along with the .key file you generated when creating the CSR, to the directory on the server where you keep your certificate and key files.

      Note: Make them readable by root only to increase security.

  2. Find the Apache configuration file you need to edit. The location and name of the configuration file can vary from server to server, especially if you’re using a special interface to manage your server configuration.
    • The Ubuntu server with Apache2 main configuration file for your SSL/TLS site is typically found in /etc/apache2/sites-enabled/your_site_name.
    • If it’s not found in the ‘sites-enabled’ directory, run the command below.
      sudo a2ensite your_site_name
    • Open the file with a text editor and find the <VirtualHost> blocks that contain the Apache settings.
  3. Identify the SSL <VirtualHost> block you need to configure. If your site needs to be accessible through both secure (https) and non-secure (http) connections, you need two separate files in /etc/apache2/sites-enabled/. One file is for port 80 and the other file is for port 443. Configure both files for SSL as described in step 4. If your site only needs to be accessed securely, configure the existing virtual host for SSL as described in step 4.
  4. Configure the <VirtualHost> block for the SSL-enabled site
    1. Below is a very simple example of a virtual host configured for SSL. The SSL directives (SSLEngine and the three SSLCertificate lines) are the parts you must add to configure SSL; they may be spread throughout the file.
      <VirtualHost *:443>
          DocumentRoot /var/www/
          SSLEngine on
          SSLCertificateFile /path/to/your_domain_name.crt
          SSLCertificateKeyFile /path/to/your_private.key
          SSLCertificateChainFile /path/to/DigiCertCA.crt
      </VirtualHost>

    2. Make sure to adjust the file names to match your certificate files.
      • SSLCertificateFile is your DigiCert certificate file (e.g., your_domain_name.crt).
      • SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
      • SSLCertificateChainFile is the DigiCert intermediate certificate file (e.g., DigiCertCA.crt).

        Note: If the SSLCertificateChainFile directive doesn’t work, try using the SSLCACertificateFile directive instead.

  5. Test your Apache2 configuration file before restarting. As a best practice, check your Apache2 configuration file for any errors before restarting Apache.

    Caution: Apache2 won’t start again if your configuration files have syntax errors.

    Run the following command to test your configuration file (on some systems, it’s apache2ctl):

    apachectl configtest
  6. Restart Apache2. You can use apachectl commands to stop and start Apache2 with SSL support.
    apachectl stop
    apachectl start
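
The checks below are an added example, not part of the original guide: run before apachectl configtest, they confirm that the key file is closed to group and others, that the certificate and key belong together, and that the certificate was issued by a CA in the intermediate file. The function names are hypothetical, the three paths are whatever your SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives point to, and openssl (1.1.0 or later) and GNU stat are assumed.

```shell
#!/bin/sh
# Added example: sanity checks on the files named by SSLCertificateFile,
# SSLCertificateKeyFile and SSLCertificateChainFile. Function names are
# hypothetical; paths are whatever your <VirtualHost> block points to.

# True when the key file grants nothing to group or others (e.g. mode 600/400).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# True when the certificate's public key equals the one derived from the key.
# Assumes an unencrypted key; "-passin pass:" makes an encrypted key fail
# instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate was signed by a CA in the intermediate file.
# -partial_chain lets the intermediate act as the anchor for this check only;
# -no-CApath keeps the system CA directory out of the decision.
signed_by_chain() {
    openssl verify -partial_chain -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks; the return value is the number of failed checks.
preflight() {   # usage: preflight CERT KEY CHAIN
    fails=0
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to group/other"; fails=$((fails + 1)); }
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $1 does not match $2"; fails=$((fails + 1)); }
    signed_by_chain "$1" "$3" ||
        { echo "FAIL: $1 was not issued by a CA in $3"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: certificate files are consistent"
    return "$fails"
}

# When invoked with three paths, run the checks on them.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Save it as a script and run it with the certificate, key and intermediate paths as its three arguments; a non-zero exit status is the number of failed checks.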