SSL on Ubuntu 16.04 With Apache 2.4.8
Getting the certificate
In my case i have used godaddy to buy a certificate.
After the checkout process it prompts you to generate a csr (certificate signing request).
SSH into the server and issue the following commands with your own info.
You get prompted for several different options like country, common name, organization. The most important is the common which is your domain.
1 | openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr |
This generates a key file and a csr file.
Copy the contents of the csr file and paste it into godaddy website.
1 | cat yourdomain.csr |
After this it might prompt you to verify your domain you can do this by placing an html file with specific content or by setting a TXT record in your domains DNS.
After you are verified you can download a zip with your certificate.
You should safely copy the zip to your server.
Configuring apache2
Checking apache version, apache versions differ in folder structure. So make sure to follow a tutorial for the correct one, this tutorial uses apache 2.4.8.
1 | apache2ctl -version |
First we create a place to store the certificates.
1 | sudo mkdir /etc/apache/ssl |
Unzip the downloaded certificate and move it to the correct place.
1 | unzip godaddy.zip |
Move the originally created key file to the same place.
1 | sudo mv yourdomain.key /etc/apache2/ssl/yourdomain.key |
Enable the apache2 ssl module by issuing this command and selecting ssl.1
2a2enmod
sudo /etc/init.d/apache2 restart
After this you should have a default-ssl.conf in your /etc/apache2/sites-available folder.
Create a symlink to that file to the sites-enabled folder.
Make sure that the name of the ssl config matches the config name you have in /etc/apache2/sites-enabled/ folder in my case it was 000-default.conf.
1 | sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf |
Edit the 000-default-ssl.conf.1
2
3SSLEngine on
SSLCertificateFile /etc/apache2/ssl/yourdomain.crt
SSLCertificateKeyFile /etc/apache2/ssl/yourdomain.key
Save and restart apache.
1 | sudo /etc/init.d/apache2 restart |