This tutorial will show how to install SSL certification on the Apache web server.
β
We assume that you have already installed and configured the VPS server with an Apache web server.
β
Requirements
Before proceeding with installation, make sure that the SSL certificate is issued correctly. If you choose a certificate from Time4VPS, please follow these instructions on how to order it and get it issued: https://www.time4vps.com/knowledgebase/how-to-order-ssl-certificate-and-get-it-issued/
In order to store a certificate on the server, we will be using a default folder /etc/ssl/.
Installation steps
1. First of all, upload the certificate's file in the folder /etc/ssl/. It should be three of them:
domain.tld.crt (Certificate);
domain.tld.key (Private Key);
domain.tld.ca-bundle (Certification Authority (CA)).
Note. If you order a certificate from Time4VPS, you would find Certificate and CA files in the Clients area page: https://billing.time4vps.com/.
The Private Key is provided when you generate the CSR. If you do not order from Time4VPS, please contact your issuer of SSL certificate in order to get it.
β
2. Apache configuration for SSL certificate
You need to configure a default Apache file:
sudo nano /etc/apache2/sites-available/default-ssl.conf
Add a line under <VirtualHost _default_:443> if it does not exist:
ServerName domain.tld
In the same file find the line and edit the file path to your uploaded certificate files on the server:
SSLCertificateFile /etc/ssl/domain.tld.crt
SSLCertificateKeyFile /etc/ssl/domain.tld.key
SSLCertificateChainFile /etc/ssl/domain.tld.ca-bundl
Note. The file's path may be different if you prefer that, just do not forget to edit the path of the file correctly.
Enable the ModSSL module for Apache:
sudo a2enmod ssl
Enable our Apache SSL configuration file, which we edited earlier:
sudo a2ensite default-ssl
Restart Apache:
sudo systemctl restart apache2
That is it, your certificate was installed.
A piece of useful information is that you can also generate CSR via the command line:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr
After this, you will have to fill in the CSR details as below:
Country Name (2 letter code) [XX]: LT
State or Province Name (full name) []: Lietuva
Locality Name (eg, city) [Default City]: Vilnius
Organization Name (eg, company) [Default Company Ltd]: It can be your company name or First and Last name for individual person
Organizational Unit Name (eg, section) []: IT
Common Name (eg, your name or your server's hostname) []:
domain.tld (exact name of the domain, which will certificate be issued
for)
Email Address []: [email protected]
A challenge password []: press ENTER
An optional company name []: press ENTER
That is it. Your CSR is ready, and you can provide the content of it to the certificate issuer. A Private Key file was generated as well; you will need to use it to install SSL.