How Do I Install SSL Certificates on Apache?
How do I install SSL on Apache?
- Firstly you will need to install Apache if it is not already installed on your server. You can install Apache with the following commands:
- Update your package list with this command:
sudo apt update
- Install Apache with this command:
sudo apt install apache2
- Check that Apache is running with these commands:
sudo systemctl start apache sudo systemctl enable apache sudo systemctl status apache2
- Update your package list with this command:
- Next install the SSL module for Apache with these commands:
sudo a2enmod ssl sudo systemctl restart apache2
- Now you'll need to configure the SSL certificates.
- First create a directory to store your SSL certificates:
sudo mkdir -p /etc/apache2/ssl
- Next you'll need to copy your certificates to the directory you just created.
Assuming your certificates are on your local machine, and you are using Windows OS on your local machine, you can use WinSCP to upload certificate files to previously created directory /etc/apache2/ssl.
In case you are using Linux distribution on your local machine, you can use scp totransfer them to the server.
Replace "your_username" and "your_server_ip" in the example below with your actual username and server IP address and run the 3 commands separately:scp /path/to/your/certificate.crt your_username@your_server_ip:/etc/apache2/ssl/
scp /path/to/your/certificate.key your_username@your_server_ip:/etc/apache2/ssl/
scp /path/to/your/certificate_chain.crt your_username@your_server_ip:/etc/apache2/ssl/
- Then set the permissions for these certificates:
sudo chmod 600 /etc/apache2/ssl/certificate.key
- First create a directory to store your SSL certificates:
- Next you'll need to configure Apache to use SSL. You'll need to create or modify the virtual host configuration for your site to use SSL.
- Create a new configuration file for your SSL site or edit the default one:
sudo nano /etc/apache2/sites-available/your_domain_ssl.conf
Please note that you can use vi, nano or any other text editor of your choice.
Replace "your_domain_ssl.conf" with your desired config filename, for example, "default-ssl.conf" if you're editing the default one. - Add or modify the following configuration to the textfile that is opened:
<VirtualHost *:443> ServerAdmin [email protected] ServerName your_domain.com ServerAlias www.your_domain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/apache2/ssl/certificate.crt SSLCertificateKeyFile /etc/apache2/ssl/certificate.key SSLCertificateChainFile /etc/apache2/ssl/certificate_chain.crt <Directory /var/www/html> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Ensure that "SSLCertificateFile", "SSLCertificateKeyFile", and "SSLCertificateChainFile" point to the correct paths of your certificate files.
- Enable the SSL site with the following command:
sudo a2ensite your_domain_ssl.conf
- (optional) Disable the default HTTP site if you want:
sudo a2dissite 000-default.conf
- Restart Apache to apply changes:
sudo systemctl reload apache2
- Create a new configuration file for your SSL site or edit the default one:
Optionally you can also redirect HTTP to HTTPS with the following steps:
To redirect all HTTP traffic to HTTPS, you can add the following to your non-SSL virtual host configuration (usually in "000-default.conf"):
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName your_domain.com
ServerAlias www.your_domain.com
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Then, enable the "rewrite" module and restart Apache:
sudo a2enmod rewrite
sudo systemctl restart apache2
Now, your website should be accessible over HTTPS using your SSL certificates.
You can read more about SSL on our blog here.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article