This tutorial will show how to install SSL certification on the Apache web server.
We assume that you have already installed and configured the VPS server with an Apache web server.
Requirements
Before proceeding with installation, make sure that the SSL certificate is issued correctly. If you choose a certificate from Time4VPS, please follow these instructions on how to order it and get it issued: https://www.time4vps.com/knowledgebase/how-to-order-ssl-certificate-and-get-it-issued/
In order to store a certificate on the server, we will be using a default folder /etc/ssl/.
Installation steps
1. First of all, upload the certificate's file in the folder /etc/ssl/. It should be three of them:
domain.tld.crt (Certificate);
domain.tld.key (Private Key);
domain.tld.ca-bundle (Certification Authority (CA)).
Note. If you order a certificate from Time4VPS, you would find Certificate and CA files in the Clients area page: https://billing.time4vps.com/.
The Private Key is provided when you generate the CSR. If you do not order from Time4VPS, please contact your issuer of SSL certificate in order to get it.
2. Apache configuration for SSL certificate
You need to configure a default Apache file:
sudo nano /etc/apache2/sites-available/default-ssl.conf
Add a line under <VirtualHost _default_:443> if it does not exist:
ServerName domain.tld
In the same file find the line and edit the file path to your uploaded certificate files on the server:
SSLCertificateFile /etc/ssl/domain.tld.crt
SSLCertificateKeyFile /etc/ssl/domain.tld.key
SSLCertificateChainFile /etc/ssl/domain.tld.ca-bundl
Note. The file's path may be different if you prefer that, just do not forget to edit the path of the file correctly.
Enable the ModSSL module for Apache:
sudo a2enmod ssl
Enable our Apache SSL configuration file, which we edited earlier:
sudo a2ensite default-ssl
Restart Apache:
sudo systemctl restart apache2
That is it, your certificate was installed.
A piece of useful information is that you can also generate CSR via the command line:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr
After this, you will have to fill in the CSR details as below:
Country Name (2 letter code) [XX]: LT
State or Province Name (full name) []: Lietuva
Locality Name (eg, city) [Default City]: Vilnius
Organization Name (eg, company) [Default Company Ltd]: It can be your company name or First and Last name for individual person
Organizational Unit Name (eg, section) []: IT
Common Name (eg, your name or your server's hostname) []:
domain.tld (exact name of the domain, which will certificate be issued
for)
Email Address []: [email protected]
A challenge password []: press ENTER
An optional company name []: press ENTER
That is it. Your CSR is ready, and you can provide the content of it to the certificate issuer. A Private Key file was generated as well; you will need to use it to install SSL.
