Configuring SSL/TLS Certificate on Apache Server (Debian/Ubuntu)

July 23, 2021 in WebServer

Step 1
Before installing a Certificate on your server, please ensure you have the following on hand.

  1. Private Key (Generated along with the CSR)
  2. Server Certificate
  3. Intermediate CA / Chain Certificate bundle (file ending with .ca-bundle)

Step 2
Copy these files on your Linux Server. These files can be placed anywhere, but it is recommended to have them in the following location.

  1. Server Certificate and Intermediate - /etc/pki/tls/certs/
  2. Private Key - /etc/pki/tls/private/

Installation and Configuration

  • In order to configure SSL, you will need to ensure that the Apache ssl module is installed on the server.
  • f the ssl module was not installed, then you can do so by running the following command.
#a2enmod ssl
  • After ensuring the files are in place and the sslmodule is installed on the server, you can start configuring ssl on the server.
  • The Virtual Host configuration files should be available under /etc/apache2/sites-available/ directory.
  • On this directory, the file named ‘default-ssl.conf’ is the default ssl configuration file.
  • We assume that you are using the default configuration here.

Edit the virtual host entry available in /etc/apache2/sites-available/default-ssl.conf file to assign the Private Key, Certificate and the Intermediate CA file to the configuration.

<VirtualHost *:443>
SSLEngine On

SSLCertificateFile /etc/pki/tls/certs/your_domain_name.crt
SSLCertificateKeyFile /etc/pki/tls/private/private.key
SSLCertificateChainFile /etc/pki/tls/certs/

  • You should make sure that the ‘default-ssl.conf’ enabled by running the following command.
#a2ensite default-ssl

  • After assigning appropriate files to the directives and enabling the site, you need to restart the Apache service, so that the new configuration will take effect.
service apache2 restart

Note: If you are renewing / replacing an existing certificate on your Apache server, simply:

  • upload the new certificate and private key files into the appropriate folders
  • modify /etc/apache2/sites-available/default-ssl.conf to assign the new files to the directives,
  • and restart the Apache service.

Note: You can also create your own Virtual Host configuration for your sites by copying the ‘default-ssl.conf’ and use those files to configure SSL for your website.
Make sure that you are enabling the new site after configuring the SSL using a2ensite command.