How to Setup SSL for Apache Virtual Hosts

In this article, we'll run through setting up an Apache virtual host using the HTTPS protocol and an SSL certificate. If you're not familiar with the initial virtual host setup process or need a refresher, you can learn how to setup Apache and virtual hosts here.

HTTPS today is pretty much a requirement. At the very least, it's highly recommended by top search engines like Google and Bing to have one set up, even if you're just running a little old blog like this one. It secures your website and, most importantly, your users and their information. So just do it.

What is an SSL Certificate?

An SSL certificate is a data file that digitally binds a cryptographic key to an organization's details, allowing secure connections from a web server to a user's browser.

SSL certificates are commonly used in scenarios where sensitive information is transferred, such as an e-commerce site accepting credit cards, any websites accepting user sign-ups, logins, or personal information, data transfers, and more. In today's world, it's best to have an SSL certificate installed for your website, even if you're running a simple site or blog.

I recommend NameCheap for all of your SSL purchasing needs. It's easy to get set up with an account, and only takes a few minutes to create an SSL certificate and install it on your server.

Install the SSL Certificate on Your Server

Since this article is about setting up an Apache virtual host to handle SSL certificates and HTTPS requests, I'm going to assume for now that you have already obtained the SSL certificates you need from a Certificate Authority, like NameCheap. Any well-known provider will work. You just need to make sure you have the following three certificate files before proceeding:

  • .cer or .crt file: The digital certificate file used by a web browser to verify a website or organization's security and authenticity.
  • .key file: The certificate's private key used in the encryption/decryption of data sent between your server and connecting clients.
  • .ca-bundle file: The root certificate belonging to the issuing Certificate Authority, and the intermediate certificate which acts as the middle-man between the protected root certificate and server certificates for your website.

All certificate files combined make up a certificate chain.

Let's install these three certificate files onto your web server at the following location:

/var/ssl/example/example.crt
/var/ssl/example/example.key
/var/ssl/example/example.ca-bundle

Create an Apache Virtual Host with SSL

Because I'm a minimalist, we're going to set up a single virtual host that will work for connections through ports 80, regular traffic, and 443, secure traffic. It's easier to manage, especially if you're managing many sites in your configuration, and removes extra room for error.

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Listen 443

<VirtualHost *:80 *:443>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/ssl/example/example.crt
SSLCertificateKeyFile /var/ssl/example/example.key
SSLCertificateChainFile /var/ssl/example/example.ca-bundle
</VirtualHost>

First, we must make sure Apache's SSL module is installed and loaded properly before enabling it. Without this, restarting your Apache server will fail and you'll need to either comment it out or correct it before you can restart it again.

To ensure that the module is loaded and running on your server, run the following command:

a2enmod ssl

Next, we need to tell Apache to listen for incoming, secure traffic on port 443. By default, only port 80 is enabled, which will not work for HTTPS traffic.

Next, we're telling our VirtualHost configuration to listen to any requests received through ports 80 and 443 on a single virtual host instance. If a request is received through the secure port, the SSL directives kick in and include the SSL certificates installed at the locations we specify on the server, and enable SSL capabilities on your website.

Now, restart your Apache web server to enable the changes:

sudo systemctl restart apache2
Some server configurations, like Amazon LightSail, do not support connections through port 443 out of the box. To allow outside connections to the secure port, you must enable it through your provider.

Conclusion

Since HTTPS is pretty much a requirement, at least according to the top search engines, you should always install SSL certificates and enable for your websites from the get-go. It's best practice to do this and could save you a lot of time and trouble in the long-run.