This tutorial will show how to install SSL certification on the Apache webserver.
We assume that you have already installed and configured the VPS server with an Apache webserver.
Requirements
Before proceeding with installation, make sure that the SSL certificate is issued correctly. If you choose a certificate from vpshosting.lk , please follow this instruction on how to order it and get issued:
https://www.vpshosting.lk/knowledgebase
In order to store a certificate on the server, we will be using a default folder /etc/ssl/.
Installation steps
1.First of all, upload the certificate's file in the folder /etc/ssl/. It should be three of them:
- domain.tld.crt (Certificate);
- domain.tld.key (Private Key);
- domain.tld.ca-bundle (Certification Authority (CA)).
Note. If you order a certificate from VPSHosting.lk, you will find Certificate and CA files in the Clients area page:
https://app.vpshosting.lk/index.php?rp=/login
Private Key is provided when you generate the CSR. If you do not order from VPSHosting.lk, please contact your issuer of SSL certificate in order to get it.
2.Apache configuration for SSL certificate
You need to configure a default Apache file:
sudo nano /etc/apache2/sites-available/default-ssl.conf
Add a line under _<VirtualHost default:443>_ if it does not exist:
ServerName domain.tld
In the same file find the line and edit the file path to your uploaded certificate files on the server:
SSLCertificateFile /etc/ssl/domain.tld.crt
SSLCertificateKeyFile /etc/ssl/domain.tld.key
SSLCertificateChainFile /etc/ssl/domain.tld.ca-bundl
Note. The files path may be different if you prefer that, just do not forget to edit the path of the file correctly.
Enable ModSSL module for Apache:
Enable our Apache SSL configuration file which we edited earlier:
sudo a2ensite default-ssl
Restart Apache:
sudo systemctl restart apache2
That is, it, your certificate was installed.
A piece of useful information is that you can also generate CSR via command line:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr
After this, you will have to fill the CSR details like bellow:
Country Name (2 letter code) [XX]: LT
State or Province Name (full name) []: Lietuva
Locality Name (eg, city) [Default City]: Vilnius
Organization Name (eg, company) [Default Company Ltd]: It can be your company name or First and Last name for individual person
Organizational Unit Name (eg, section) []: IT
Common Name (eg, your name or your server's hostname) []:
domain.tld (exact name of the domain, which will certificate be issued
for)
Email Address []: email@address.com
A challenge password []: press ENTER
An optional company name []: press ENTER
That is it. Your CSR is ready, and you can provide the content of it for certificate issuer. Private Key file was generated as well, you will need to use it to install SSL.