HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


SSL Certificate installation on apache2 (Debian, Ubuntu)

Note: Before you begin, ensure youâ$™re all set with the prerequisites.

SSL installation instructions for CentOS

 

 

Installation steps

    1. Installation check

      First, we will check the exact location of the current configuration file for HTTP websites. For that, run the following command:

      sudo apachectl -S



      We can see the website configuration file (the one for non-secured HTTP connections via port 80) in the output. It is usually called "000-default.conf".

      The default folder for such a file location is /etc/apache2/sites-enabled.

      In this guide, we will show in detail how to add the settings for HTTPS port 443 into the same configuration file. However, we also recommend reviewing all possible ways to proceed - like separate configuration file creation in the /etc/apache2/sites-available or /etc/apache2/sites-enabled folder - here in the 'Tips and troubleshootings' part of this guide.


    2. Enabling SSL/TLS support on Apache

      Before we proceed any further, we will need to make sure that SSL/TLS support is enabled on the webserver. For that, we will need to run the following command:

      sudo a2enmod ssl



      If the command responds with â$œModule ssl already enabledâ$, then the module has already been enabled

      If the module was not yet enabled, the command will respond with â$˜Enabling module sslâ$™ and will complete the module enabling.

      After that, reboot the webserver so that the module can be applied to Apache. The service can be restarted by entering the following command:

      sudo service apache2 restart

    3. Configuring the webserver

      Now, configure the website to work with the SSL certificate.

      • If there were no SSLs installed on the webserver previously, check the configuration file name for the HTTP port 80 and open it in your text editor of choice (nano, vi, etc.).

      The configuration file name can be checked using the command: apachectl -S

      It is usually located in the /etc/apache2/sites-enabled folder.

      Note: If you are following another way from these ones, then keep in mind that your file name will be different, and you need to open your configuration file instead of the default one.



      Then open the configuration file and paste the following code at the very bottom of it:


      ServerName (DOMAIN NAME OF THE WEBSITE)
      DocumentRoot (ROOT FOLDER OF THE WEBSITE)


      SSLEngine on
      SSLCertificateFile (Certificate PATH)
      SSLCertificateKeyFile (Private key PATH)
      SSLCertificateChainFile (CA Bundle PATH)


      Make sure to replace the command values in brackets with the valid information for your domain name or website.

      In our case, it is as follows:


      ServerName example.com
      DocumentRoot /var/www/html


      SSLEngine on
      SSLCertificateFile /etc/ssl/1.crt
      SSLCertificateKeyFile /etc/ssl/1.key
      SSLCertificateChainFile /etc/ssl/1.ca-bundle




      After that, save the file.

      • If the SSL certificate was already installed on the webserver, check the configuration file name for port 443 and open it in the text editor.

      The configuration file name can be checked using the command: apachectl -S



      Then, make sure to replace the paths of the certificate files in the following sections:

      SSLCertificateFile
      SSLCertificateKeyFile
      SSLCertificateChainFile


      Enter the full paths to the SSL certificate, Private key and CA bundle files respectively uploaded or located on the server. After that, make sure to save the configuration file.

    4. Checking the configuration file and restarting the webserver

      Now, make sure to check the file syntax by running this command:

      apachectl -t



      If the command responds with â$œSyntax OKâ$, you can reboot the webserver. To do that, run the command:

      sudo service apache2 restart

      The configuration file should be listed in the Apache configuration files list (it can be checked by running apachectl -S once again):



      Done! The website is now secured. The installation can be checked here.

      There are no further obligatory actions for securing your domain name, however, you might wish to set up a HTTPS redirect for the website to be switched to a secured version automatically without entering https:// manually into the browser address bar. For a more detailed explanation about setting up the redirect, check this page.

      If there are issues with the installation, make sure to double-check this guide step-by-step to avoid mistakes. You can also check the next part of this guide as well.

 

Tips and troubleshooters

If you face any SSL-related issues with your Apache-based website, here is how to troubleshoot the most known errors that might occur during the restart:

 

Here are some more useful tips about the process:

    1. If you face a â$˜permission deniedâ$™ error when running a command, try adding the â$˜sudoâ$™ parameter before the command and run it once again.

      For instance, if nano ssl.conf results in Permission denied, you can try running sudo nano ssl.conf instead.

      Adding sudo will grant you â$˜superuserâ$™ permissions and the ability to perform some actions that require root user access without real root access.

      Please keep in mind that you may need to enter a password for the sudo user during this operation. Its symbols might not be shown when entering (for security reasons), however, the password will be accepted if entered properly. This password may have been given to you by your server admin or hosting provider support team, so if you donâ$™t know the password, we suggest contacting them for further assistance.

    2. If you see that the SSL has been installed without the CA bundle, it is possible to add the CA bundle without any significant changes to the configuration settings.

      In this case, please find the SSL configuration file on your server by following the steps in the guide for apache2 or httpd. Locate the path to the SSLCertificateFile in the configuration file, and open the file via that path for editing. You will see one block of code there (which is the SSL itself). You can download the CA bundle file from your Namecheap account (it is downloaded in the same archive with the SSL certificate) or from this page and copy the whole .ca-bundle file contents to the opened SSLCertificateFile.

      The new CA bundle codes should be entered from the new line after the SSL code which is already present there, without adding any new lines between them, like this:



 

  1. As for apache2, there are several ways to manage the configuration settings for the 443 HTTPS port.

    It is possible to add the HTTPS settings block to the same configuration file that determines the 80 HTTP port connections (usually it is called 000-default.conf). This method was outlined in the guide previously. The pros of this method are that all the settings for the website are managed in the same file and can be located and modified quickly. The cons are that the SSL files could get lost among other codes in the big configuration file, and could be difficult to locate for modifications or removal.

    An alternative method is to create a separate configuration file within the same folder as the default file for HTTP connections. If the folder is /etc/apache2/sites-enabled, no further special actions should be needed to accept and use the configuration file. Just follow the steps from the guide regarding adding a block of code, syntax checks, and Apache service restart.

    And if the new file is created within /etc/apache2/sites-available folder, you will need to to run the following command after the file is created and the necessary code is saved in it:

    sudo a2ensite your_ssl_config_name

    After that, please proceed with the syntax check and the Apache service restart to finalize the installation process.

 

Back to the main guide > >

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 1
2345678
9101112131415
16171819202122
23242526272829
30 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional