SSL on Ubuntu 16.04 With Apache 2.4.8

Getting the certificate

In my case i have used godaddy to buy a certificate.
After the checkout process it prompts you to generate a csr (certificate signing request).

SSH into the server and issue the following commands with your own info.
You get prompted for several different options like country, common name, organization. The most important is the common which is your domain.

1
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

This generates a key file and a csr file.
Copy the contents of the csr file and paste it into godaddy website.

1
cat yourdomain.csr

After this it might prompt you to verify your domain you can do this by placing an html file with specific content or by setting a TXT record in your domains DNS.

After you are verified you can download a zip with your certificate.
You should safely copy the zip to your server.

Configuring apache2

Checking apache version, apache versions differ in folder structure. So make sure to follow a tutorial for the correct one, this tutorial uses apache 2.4.8.

1
apache2ctl -version

First we create a place to store the certificates.

1
sudo mkdir /etc/apache/ssl

Unzip the downloaded certificate and move it to the correct place.

1
2
unzip godaddy.zip
sudo mv somefilename.crt /etc/apache2/ssl/yourdomain.crt

Move the originally created key file to the same place.

1
sudo mv yourdomain.key /etc/apache2/ssl/yourdomain.key

Enable the apache2 ssl module by issuing this command and selecting ssl.

1
2
a2enmod
sudo /etc/init.d/apache2 restart

After this you should have a default-ssl.conf in your /etc/apache2/sites-available folder.

Create a symlink to that file to the sites-enabled folder.
Make sure that the name of the ssl config matches the config name you have in /etc/apache2/sites-enabled/ folder in my case it was 000-default.conf.

1
sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

Edit the 000-default-ssl.conf.

1
2
3
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/yourdomain.crt
SSLCertificateKeyFile /etc/apache2/ssl/yourdomain.key

Save and restart apache.

1
sudo /etc/init.d/apache2 restart