Skip to Content
JavaScriptCSSHTMLPHPReactVueNodeJSMySQLServer

How to Install SSL for Apache Virtual Hosts in Linux

Server iconServer

In this article, we'll run through installing and setting up an Apache virtual host to utilize the HTTPS protocol with an SSL certificate. This was set up and tested in a Ubuntu 18.04 environment.  Different versions may require a slightly different setup.

If you're not familiar with the initial virtual host setup process or need a refresher, you can learn how to setup Apache and virtual hosts here.

HTTPS today is pretty much a requirement. At the very least, it's highly recommended by top search engines like Google and Bing to have one set up, even if you're just running a little old blog like this one. It secures your website and, most importantly, your users and their information. So just do it.

What is an SSL Certificate?

An SSL certificate is a data file that digitally binds a cryptographic key to an organization's details, allowing secure connections from a web server to a user's browser.

SSL certificates are commonly used in scenarios where sensitive information is transferred, such as an e-commerce site accepting credit cards, any websites accepting user sign-ups, logins, or personal information, data transfers, and more. In today's world, it's best to have an SSL certificate installed for your website, even if you're running a simple site or blog.

I recommend NameCheap for all of your SSL purchasing needs. It's easy to get set up with an account, and only takes a few minutes to create an SSL certificate and install it on your server.

Install the SSL Certificate on Your Server

Since this article is about setting up an Apache virtual host to handle SSL certificates and HTTPS requests, I'm going to assume for now that you have already obtained the SSL certificates you need from a Certificate Authority, like NameCheap. Any well-known provider will work. You just need to make sure you have the following three certificate files before proceeding:

  • .cer or .crt file: The digital certificate file used by a web browser to verify a website or organization's security and authenticity.
  • .key file: The certificate's private key used in the encryption/decryption of data sent between your server and connecting clients.
  • .ca-bundle file: The root certificate belonging to the issuing Certificate Authority, and the intermediate certificate which acts as the middle-man between the protected root certificate and server certificates for your website.

All certificate files combined make up a certificate chain.

Let's install these three certificate files onto your web server at the following location:

/var/ssl/example/example.crt
/var/ssl/example/example.key
/var/ssl/example/example.ca-bundle

Create an Apache Virtual Host with SSL

Because I'm a minimalist, we're going to set up a single Apache virtual host that will work for connections through ports 80, regular traffic, and 443, secure traffic. It's easier to manage, especially if you're managing many sites in your configuration, and removes extra room for error.

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Listen 443

<VirtualHost *:80 *:443>
	ServerAdmin webmaster@localhost
	ServerName example.com
	ServerAlias www.example.com
	DocumentRoot /var/www/example
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	SSLEngine on
	SSLCertificateFile /var/ssl/example/example.crt
	SSLCertificateKeyFile /var/ssl/example/example.key
	SSLCertificateChainFile /var/ssl/example/example.ca-bundle
</VirtualHost>

First, we must make sure Apache's SSL module is installed and loaded properly before enabling it. Without this, restarting your Apache server will fail and you'll need to either comment it out or correct it before you can restart it again.

To ensure that the module is loaded and running on your server, run the following command:

a2enmod ssl

Next, we need to tell Apache to listen for incoming, secure traffic on port 443. By default, only port 80 is enabled, which will not work for HTTPS traffic.

Next, we're telling our VirtualHost configuration to listen to any requests received through ports 80 and 443 on a single virtual host instance. If a request is received through the secure port, the SSL directives kick in and include the SSL certificates installed at the locations we specify on the server, and enable SSL capabilities on your website.

Now, restart your Apache web server to enable the changes:

sudo systemctl restart apache2
Some server configurations, like Amazon LightSail, do not support connections through port 443 out of the box. To allow outside connections to the secure port, you must enable it through your provider.

Conclusion

Since HTTPS is pretty much a requirement, at least according to the top search engines, you should always install SSL certificates and enable for your websites from the get-go. It's best practice to do this and could save you a lot of time and trouble in the long-run.

As mentioned earlier, this was set up and tested in a Ubuntu 18.04 environment. Different versions may require a slightly different setup.  If you experience any differences, let us know in the comments below!

Last Updated: January 21, 2022
Created: August 29, 2020

Comments

Charles

2y
Hello,

On Ubuntu 20.04 LTS I did not need


LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
Listen 443


Thanks,
Charles

Reply
 

Josh Rowe

2y
Hey, Charles. Thanks for the heads up! I've updated this article to note that this was set up and tested in a Ubuntu 18.04 environment so that it's more clear. I appreciate you adding extra feedback for 20.04 LTS!

Reply

Add A Comment

Comment Etiquette: Wrap code in a <code> and </code>. Please keep comments on-topic, do not post spam, keep the conversation constructive, and be nice to each other.