⁠⁠How Do I Install SSL Certificates on Apache?

How do I install SSL on Apache?

  1. Firstly you will need to install Apache if it is not already installed on your server. You can install Apache with the following commands:
    1. Update your package list with this command:
      sudo apt update
    2. Install Apache with this command:
      sudo apt install apache2
    3. Check that Apache is running with these commands:
      sudo systemctl start apache
      sudo systemctl enable apache
      sudo systemctl status apache2 
  2. Next install the SSL module for Apache with these commands:
    sudo a2enmod ssl 
    sudo systemctl restart apache2
  3. Now you'll need to configure the SSL certificates.
    1. First create a directory to store your SSL certificates:
      sudo mkdir -p /etc/apache2/ssl
    2. Next you'll need to copy your certificates to the directory you just created.

      Assuming your certificates are on your local machine, and you are using Windows OS on your local machine, you can use WinSCP to upload certificate files to previously created directory /etc/apache2/ssl.

      In case you are using Linux distribution on your local machine, you can use scp totransfer them to the server.

      Replace "your_username" and "your_server_ip" in the example below with your actual username and server IP address and run the 3 commands separately:
      scp /path/to/your/certificate.crt your_username@your_server_ip:/etc/apache2/ssl/ 
      scp /path/to/your/certificate.key your_username@your_server_ip:/etc/apache2/ssl/ 
      scp /path/to/your/certificate_chain.crt your_username@your_server_ip:/etc/apache2/ssl/
    3. Then set the permissions for these certificates:
      sudo chmod 600 /etc/apache2/ssl/certificate.key
  4. Next you'll need to configure Apache to use SSL. You'll need to create or modify the virtual host configuration for your site to use SSL. 
    1. Create a new configuration file for your SSL site or edit the default one:
      sudo nano /etc/apache2/sites-available/your_domain_ssl.conf
      Please note that you can use vi, nano or any other text editor of your choice.

      Replace "your_domain_ssl.conf" with your desired config filename, for example, "default-ssl.conf" if you're editing the default one.
    2. Add or modify the following configuration to the textfile that is opened:
      <VirtualHost *:443> 
             ServerAdmin [email protected] 
             ServerName your_domain.com 
             ServerAlias www.your_domain.com 
        
             DocumentRoot /var/www/html 
             SSLEngine on 
             SSLCertificateFile /etc/apache2/ssl/certificate.crt 
             SSLCertificateKeyFile /etc/apache2/ssl/certificate.key 
             SSLCertificateChainFile /etc/apache2/ssl/certificate_chain.crt 
        
             <Directory /var/www/html> 
                 Options Indexes FollowSymLinks 
                 AllowOverride All 
                 Require all granted 
             </Directory> 
        
             ErrorLog ${APACHE_LOG_DIR}/error.log 
             CustomLog ${APACHE_LOG_DIR}/access.log combined 
         </VirtualHost>
      Ensure that "SSLCertificateFile", "SSLCertificateKeyFile", and "SSLCertificateChainFile" point to the correct paths of your certificate files. 
      
    3. Enable the SSL site with the following command:
      sudo a2ensite your_domain_ssl.conf 
    4. (optional) Disable the default HTTP site if you want:
      sudo a2dissite 000-default.conf 
    5. Restart Apache to apply changes:
      sudo systemctl reload apache2 

Optionally you can also redirect HTTP to HTTPS with the following steps:

To redirect all HTTP traffic to HTTPS, you can add the following to your non-SSL virtual host configuration (usually in "000-default.conf"):

<VirtualHost *:80> 
    ServerAdmin [email protected] 
    ServerName your_domain.com 
    ServerAlias www.your_domain.com 
  
    DocumentRoot /var/www/html 
  
    RewriteEngine On 
    RewriteCond %{HTTPS} off 
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 
  
    ErrorLog ${APACHE_LOG_DIR}/error.log 
    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost> 

Then, enable the "rewrite" module and restart Apache:

sudo a2enmod rewrite 
sudo systemctl restart apache2 

Now, your website should be accessible over HTTPS using your SSL certificates. 


You can read more about SSL on our blog here.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article

Modified on Tue, 17 Sep at 11:17 AM

Can’t find what you’re looking for?

Get in Touch

Do you have a pre-sales question?