In this tutorial, you will learn how to install an SSL certificate on Ubuntu with Apache. The later paragraphs include SSL buying recommendations for an Ubuntu Server.
Table of Contents
- Generate a CSR code
- Install an SSL Certificate on Ubuntu Servers
- Where to buy an SSL Certificate for Ubuntu Server?
We also recorded a video that walks you through the entire process of installing an SSL certificate in Ubuntu:
If you prefer the text version of the tutorial, keep reading below:
Generate a CSR code
We’ll begin with CSR (Certificate Signing Request) code generation. A CSR is a request sent to a Certificate Authority to apply for a digital certificate.
You have two options:
- Use our CSR Generator to create the CSR automatically
- Follow our step-by-step tutorial on how to generate CSR in Ubuntu
Open a text editor such as Notepad to copy the CSR file and submit it to the Certificate Authority during your order process.
After your CA validates the CSR and issues the SSL certificate, you can proceed to the Ubuntu SSL installation instructions.
Install an SSL Certificate in Ubuntu Server
Follow the steps below to install your SSL certificate on Ubuntu. Ensure you don’t skip anything.
Step 1: Copy your certificate files to your server
Once you’ve completed the validation process, the Certificate Authority will send the SSL certificate files via email. Download the archived folder, and extract the server and intermediate certificates or CA Bundle. Upload them to the Ubuntu server in a specific directory.
You should have the following files ready for upload:
- certificate.crt
- Ca-bundle.crt
- Private.key
Copy your certificate files to a directory on your server. By default, this directory is /etc/ssl/ for your certificate.crt and ca_bundle.crt files, and /etc/ssl/private/ for your private.key file.
Step 2: Edit the Apache.config file
Its usual location is in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:
sudo a2ensite your_site_name
Open the Apache.config file with a text editor of your choice.
Note: To access your site via both HTTP and HTTPS, you must separate two different files in the sites-enabled folder. The HTTP file is for port 80, while the HTTPS one is for port 443.
Step 3: Configure the Virtual Host block
This action will make your site accessible only via the secure HTTPS protocol. Your default Virtual Host block contains the following lines of code:
DocumentRoot /var/www/site
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.crt
Adjust the Virtual Host block according to your SSL certificate details:
- In the SSLCertificate File parameter update the location of your SSL certificate file
- In the SSLCertificateKeyFile parameter, enter the location of the private key file you created during the CSR generation.
- In the SSLCertificateChainFile parameter, provide the location of the intermediate certificate file or CA bundle. (What is the CA Bundle and where to find it?).
Note: If the SSLCertificateFile directive doesn’t work, use the SSLCACertificateFile instead.
Double-check the Virtual Host block, and save the .config file.
Step 4: Test your new .config file
Run the apachectlConfigtest command to test your new .config file for potential errors. If something is wrong with your configuration, you may need to go back and repeat the previous installation steps. If it works correctly, continue with the final step.
Step 5: Restart the Apache
Use the apach ectl stop and apa chectl start commands to restart the Apache.
Congratulations! You have successfully installed your SSL certificate on your Ubuntu server. To further test your SSL installation, and receive instant status reports, use these highly recommended SSL tools.
Where to Buy an SSL Certificate for Ubuntu Server?
SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with Ubuntu servers.
Frequently Asked Questions
You can check if an SSL certificate is installed on Ubuntu via the following command:
sudo update-ca-certificates
Copy Link
The path for SSL certificates is the /etc/ssl/certs/ directory on your server. Your private key files go to /etc/ssl/private. These are default locations, but you can change them depending on your configuration.
Copy Link
By default, the Apache .config file resides in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:
sudo a2ensite your_site_name
Copy Link
Save 10% on SSL Certificates when ordering today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10