How to configure SSL on Apache

1.  Import your SSL to the server through FTP and unzip them in a particular directory, If you don’t have SSL you can generate Let’s Encrypt free SSL by following the below steps.

install the git package:
             Debian/Ubuntu
sudo apt-get install git  
                   RedHat/Centos  
    sudo yum install git

Clone a Let’s Encrypt repository from Github Official Repository

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Navigate to the clone directory
  sudo cd /opt/letsencrypt 

Run Let’s Encrypt with the –standalone parameter. For each additional domain name requiring a certificate, add -d example.com to the end of the command. Kindly change the domain name.

sudo -H ./letsencrypt-auto certonly --standalone -d cyberbuddy.in -d www.cyberbuddy.in

When prompted Agree to the Terms by pressing “A” and Type “N” for the second step.

After this SSL will generate if all goes well you will get the below output 

IMPORTANT NOTES:

 – Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/cyberbuddy.in/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/cyberbuddy.in/privkey.pem

   Your cert will expire on 2020-11-08. To obtain a new or tweaked

   version of this certificate in the future, simply run

   letsencrypt-auto again. To non-interactively renew *all* of your

   certificates, run “letsencrypt-auto renew”

 – If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le

2. Enable mod_ssl for Apache
             Debian/Ubuntu
 sudo a2enmod rewrite && sudo service apache2 restart  
                 RedHat/Centos
 sudo yum install mod_ssl -y && sudo systemctl restart httpd
3. Create VirtualHost Configuration for HTTPS, Kindly change the domain name.
<virtualhost *:443>
ServerName cyberbuddy.in
ServerAlias www.cyberbuddy.in
Documentroot /var/www/cyberbuddy.in
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/cyberbuddy.in/primary.crt
SSLCertificateKeyFile /etc/letsencrypt/live/cyberbuddy.in/private.key
SSLCertificateChainFile /etc/letsencrypt/live/cyberbuddy.in/intermediate.crt
<Directory "/var/www/cyberbuddy.in">
AllowOverride All
Allow from all
</Directory>
</virtualhost>
4. Then First, run the following command to check your Apache configuration file for errors
              Debian/Ubuntu
sudo apachectl configtest && sudo service apache2 restart  
             RedHat/Centos
sudo httpd -t && sudo service apache2 restart  
5. Confirm that the above commands returns a Syntax OK response. If it does not, review your configuration files.
6. After confirming a Syntax OK response, restart the apache by below commands
             RedHat/Centos
service apache2 restart
             RedHat/Centos
service httpd restart  
7. Verify your SSL installation through SSL Checker Website
8. Automatically Renew SSL Certificates (Optional)

You can add cron job to keep the ssl/letsencrypt-auto clinet up to date, follow below steps.

sudo crontab -e

0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew

0 0 1 * * cd /opt/letsencrypt && git pull
Please Drop Comment if you face any issue at any point, I will try to reply asap.
100% LikesVS
0% Dislikes

2 Comments

  • Vikas Kumar

    Awesome, Keep Learning & Sharing

  • Nitin

    very helpful 🙂

Comments are closed.