Before you start the SSL installation process, please make sure that the CSR code is generated, all validation requirements are met, and the SSL certificate is issued and downloaded.
The next prerequisites are intended to ease SSL installation and help you avoid the common pitfalls:
- Having access to the hosting server configuration over SSH via the terminal.
- The website should be working over the HTTP connection (default port 80)
- The private key should be located and matched with the SSL certificate. Check this article to find the private key and match it with the SSL certificate using this tool.
As you may know, there are many Linux distributions where an Apache HTTP server can be installed. In this article, we will review SSL installation steps for two major operating system families: Debian-based and RHEL-based ones.
For an Apache web server to run an encrypted HTTPS connection, make sure that the SSL mode is enabled by using this command:
sudo a2enmod ssl
Upload the SSL certificate files (.crt and .ca-bundle) to your server to the /etc/ssl/ folder and move the private key file (.key) to /etc/ssl/private/ for your convenience.
To start the SSL installation, locate the Apache configuration file which contains ...
settings for the HTTP connection of your website.
The default location of this file may vary and depends on the server configuration and the OS version.
In most cases, the appropriate configuration file (symbolic link) for the enabled HTTP website can be found in the /etc/apache2/sites-enabled/ directory for Debian and Ubuntu OS.
The following command may be helpful to find the proper configuration file:
The output may display a port (80), domain name (example.com), the conf file path (/etc/apache2/sites-enabled/000-default.conf) and line number (1) where Virtual Host for the HTTP connection starts.
The next output indicates that Apache already has a configuration file for a secure HTTPS connection, so you need to update it according to the SSL renewal section.
If you do not see the configuration file for secure connection (*:443 line with your domain name), a new SSL installation is required. Follow these instructions:
Make a replica of the configuration file where Virtual Host settings for the HTTP connection is located. This command may be helpful:
cp /etc/apache2/sites-available/your_website.conf /etc/apache2/sites-available/your_website-ssl.conf
Note! A new configuration file should be created in the sites-available directory.
Open the new configuration file with any text editor, change the port to 443 (default for the HTTPS connection) and add SSL directives. The example of a new Virtual Host for 443 may look like:
CustomLog /var/log/apache2/access_example_com.log "combined"
allow from all
Require all granted
Note! Starting from Apache 2.4.8, the “SSLCertificateChainFile” directive became obsolete. Intermediate certificates (CA bundle) can be added to the “SSLCertificateFile” right after the certificate code.
Enable the new SSL configuration file by running this command:
sudo a2ensite your_website-ssl.conf
When a new VirtualHost is created, save the file and run the syntax check:
If you are using virutal SSL enabled hosts be sure to add a default SSL Certificate to your Apache2 default-ssl.conf file. For example, the following lines
should also appear in your Apache2 default-ssl.conf file:
If the system shows “Syntax OK”, reload the Apache for the changes to make effect with the following command:
sudo service apache2 reload
Should any syntax error appears, it will be shown right away for troubleshooting.
The SSL installation can be verified using these tools:
To save the SEO ranking, it is recommended redirecting all HTTP requests to the secure HTTPS version of your website permanently.
Note! If you are using a multi-domain or wildcard certificate, it is necessary to modify the configuration files for each domain/subdomain for which the SSL certificate is issued, unless this domain is used as ServerAlias. You would need to specify the domain/subdomain you need to secure and refer to the same certificate files in the VirtualHost record the way described above.