In this tutorial, you will learn how to install an SSL certificate on Ubuntu with Apache. The later paragraphs include SSL buying recommendations for an Ubuntu Server.

Table of Contents

  1. Generate a CSR code
  2. Install an SSL Certificate on Ubuntu Servers
  3. Where to buy an SSL Certificate for Ubuntu Server?

We also recorded a video that walks you through the entire process. You can watch the video, read the instructions, or do both. You can watch the video below.

Generate a CSR code

We’ll begin with CSR (Certificate Signing Request) code generation. A CSR is a request sent to a Certificate Authority to apply for a digital certificate.

You have two options:

  1. Use our CSR Generator to create the CSR automatically.
  2. Follow our step-by-step tutorial on how to generate CSR in Ubuntu.

Install an SSL Certificate on Ubuntu Server

Follow the steps below to install your SSL certificate on Ubuntu. Ensure you don’t skip anything.

Step 1: Copy your certificate files to your server

Once you’ve completed the validation process, the Certificate Authority will send the SSL certificate files via email. Download the archived folder, and extract the server and intermediate certificates or CA Bundle. Upload them to the Ubuntu server in a specific directory.

You should have the following files ready for upload:

  • certificate.crt
  • Ca-bundle.crt
  • Private.key

Copy your certificate files to a directory on your server. By default, this directory is /etc/ssl/ for your certificate.crt and ca_bundle.crt files, and /etc/ssl/private/ for your private.key file.

Step 2: Edit the Apache.config file

Its usual location is in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:

sudo a2ensite your_site_name

Open the Apache.config file with a text editor of your choice.

Note: To access your site via both HTTP and HTTPS, you must separate two different files in the sites-enabled folder. The HTTP file is for port 80, while the HTTPS one is for port 443.

Step 3: Configure the Virtual Host block

This action will make your site accessible only via the secure HTTPS protocol. Your default Virtual Host block contains the following lines of code:

<VirtualHost *:443>
DocumentRoot /var/www/site
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.crt
</VirtualHost>

Adjust the Virtual Host block according to your SSL certificate details:

  • In the SSLCertificate File parameter update the location of your SSL certificate file
  • In the SSLCertificateKeyFile parameter, enter the location of the private key file you created during the CSR generation.
  • In the SSLCertificateChainFile parameter, provide the location of the intermediate certificate file or CA bundle. (What is the CA Bundle and where to find it?).

Note: If the SSLCertificateFile directive doesn’t work, use the SSLCACertificateFile instead.

Double-check the Virtual Host block, and save the .config file.

Step 4: Test your new .config file

Run the apachectlConfigtest command to test your new .config file for potential errors. If something is wrong with your configuration, you may need to go back and repeat the previous installation steps. If it works correctly, continue with the final step.

Step 5: Restart the Apache

Use the apach ectl stop and apa chectl start commands to restart the Apache.

Congratulations! You have successfully installed your SSL certificate on your Ubuntu server. To further test your SSL installation, and receive instant status reports, use these highly recommended SSL tools.

Where to buy an SSL Certificate for Ubuntu Server?

SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with Ubuntu servers.

Get an SSL certificate now

FAQ

1. How do I know if an SSL certificate is installed on Ubuntu?

You can check if an SSL certificate is installed on Ubuntu via the following command:

sudo update-ca-certificates

2. Where do I put the SSL certificate in Ubuntu?

The path for SSL certificates is the /etc/ssl/certs/ directory on your server. Your private key files go to /etc/ssl/private. These are default locations, but you can change them depending on your configuration.

3. Where is the Apache .config file located?

By default, the Apache .config file resides in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:

sudo a2ensite your_site_name

We created a few handy SSL tools to help you choose the perfect certificate for your particular project. Our SSL Wizard and Certificate Filter can help you find the best SSL certificate for your online project.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.