In this tutorial, you will learn how to install an SSL certificate on Ubuntu with Apache. The later paragraphs include SSL buying recommendations for an Ubuntu Server.
Table of Contents
- Generate a CSR code
- Install an SSL Certificate on Ubuntu Servers
- Where to buy an SSL Certificate for Ubuntu Server?
We also recorded a video that walks you through the entire process. You can watch the video, read the instructions, or do both. You can watch the video below.
Generate a CSR code
We’ll begin with CSR (Certificate Signing Request) code generation. A CSR is a request sent to a Certificate Authority to apply for a digital certificate.
You have two options:
- Use our CSR Generator to create the CSR automatically.
- Follow our step-by-step tutorial on how to generate CSR in Ubuntu.
Open a text editor such as Notepad to copy the CSR file and submit it to the Certificate Authority during your order process.
After your CA validates the CSR and issues the SSL certificate, you can proceed to the Ubuntu SSL installation instructions.
Install an SSL Certificate on Ubuntu Server
Follow the steps below to install your SSL certificate on Ubuntu. Ensure you don’t skip anything.
Step 1: Copy your certificate files to your server
Once you’ve completed the validation process, the Certificate Authority will send the SSL certificate files via email. Download the archived folder, and extract the server and intermediate certificates or CA Bundle. Upload them to the Ubuntu server in a specific directory.
You should have the following files ready for upload:
Copy your certificate files to a directory on your server. By default, this directory is /etc/ssl/ for your certificate.crt and ca_bundle.crt files, and /etc/ssl/private/ for your private.key file.
Step 2: Edit the Apache.config file
Its usual location is in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:
sudo a2ensite your_site_name
Open the Apache.config file with a text editor of your choice.
Note: To access your site via both HTTP and HTTPS, you must separate two different files in the sites-enabled folder. The HTTP file is for port 80, while the HTTPS one is for port 443.
Step 3: Configure the Virtual Host block
This action will make your site accessible only via the secure HTTPS protocol. Your default Virtual Host block contains the following lines of code:
Adjust the Virtual Host block according to your SSL certificate details:
- In the SSLCertificate File parameter update the location of your SSL certificate file
- In the SSLCertificateKeyFile parameter, enter the location of the private key file you created during the CSR generation.
- In the SSLCertificateChainFile parameter, provide the location of the intermediate certificate file or CA bundle. (What is the CA Bundle and where to find it?).
Note: If the SSLCertificateFile directive doesn’t work, use the SSLCACertificateFile instead.
Double-check the Virtual Host block, and save the .config file.
Step 4: Test your new .config file
Run the apachectlConfigtest command to test your new .config file for potential errors. If something is wrong with your configuration, you may need to go back and repeat the previous installation steps. If it works correctly, continue with the final step.
Step 5: Restart the Apache
Use the apach ectl stop and apa chectl start commands to restart the Apache.
Congratulations! You have successfully installed your SSL certificate on your Ubuntu server. To further test your SSL installation, and receive instant status reports, use these highly recommended SSL tools.
Where to buy an SSL Certificate for Ubuntu Server?
SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with Ubuntu servers.
We created a few handy SSL tools to help you choose the perfect certificate for your particular project. Our SSL Wizard and Certificate Filter can help you find the best SSL certificate for your online project.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.