Installing Your SSL Certificate on Ubuntu with Apache2

Copy the certificate files to your server

  1. Download the intermediate and your primary certificate (your_domain_name.crt) files.
  2. Copy these files, along with the .key file you generated when creating the CSR, to the directory on the server where you keep your certificate and key files.

Note: Make them readable by root only to increase security.

Find the Apache configuration file you need to edit

The location and name of the configuration file can vary from server to server-especially if you're using a special interface to manage your server configuration.

  • The Ubuntu server with Apache2 main configuration file for your SSL/TLS site is typically found in /etc/apache2/sites-enabled/your_site_name.
  • If it's not found in the 'sites-enabled' directory, run the command below.
    sudo a2ensite your_site_name
  • Open the file with a text editor and find the blocks that contain the Apache settings.

Identify the SSL block you need to configure

If your site needs to be accessible through both secure (https) and non-secure (http) connections, you need two separate files in /etc/apache2/sites-enabled/. One file is for port 80 and the other file is for port 443. Configure both files for SSL as described in step 4.

If your site only needs to be accessed securely, configure the existing virtual host for SSL as described in step 4.

Configure the block for the SSL-enabled site

  1. Below is a very simple example of a virtual host configured for SSL. The parts listed in bold are the parts you must add to configure the SSL configuration; they may be spread throughout the file.

    • <VirtualHost>
    • DocumentRoot /var/www/
    • SSLEngine on
    • SSLCertificateFile /path/to/your_domain_name.crt
    • SSLCertificateKeyFile /path/to/your_private.key
    • SSLCertificateChainFile /path/to/Example.crt
    • </VirtualHost>
  2. Make sure to adjust the file names to match your certificate files.

    • SSLCertificateFile is your certificate file (e.g., your_domain_name.crt).
    • SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
    • SSLCertificateChainFile is the intermediate certificate file (e.g., Example.crt)

Note: If the SSLCertificateChainFile directive doesn't work, try using the SSLCACertificateFile directive instead.

Test your Apache2 configuration file before restarting

As a best practice, check your Apache2 configuration file for any errors before restarting Apache.

Caution: Apache2 won't start again if your configuration files have syntax errors.

Run the following command to test your configuration file (on some systems, it's apache2ctl):
apachectl configtest

Restart Apache2

You can use apachectl commands to stop and start Apache2 with SSL support.

apachectl stop
apachect1 start

Restart Notes:

If Apache2 doesn't restart with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl, we recommend you adjust the apache startup configuration to include SSL support in the regular apachectl start command. Otherwise, your server may require you to manually restart Apache2 using apachectl startssl in the event of a server reboot. This usually involves removing the and tags that enclose your SSL configuration.

Congratulations! You've successfully installed your SSL certificate.