1. Guides & Tutorials
  2. Security, Upgrades & Backups
  3. SSL Certificates
  4. SSL Certificates with Apache on Debian & Ubuntu

SSL Certificates with Apache on Debian & Ubuntu

Updated by James Stewart

This guide will assist you with enabling SSL for websites served under the Apache web server, in order to ensure secure access to your website and services.

Prerequisites

This guide assumes that you are running Apache2.4 or higher on Debian 8 or Ubuntu 14.04 or above. Prior to following this guide, you will also need to ensure that the following steps have been taken on your Linode.

  • Follow our Getting Started guide to configure your Linode.

  • Follow our Hosting a Website guide, and create a site that you wish to secure with SSL.

  • Follow our guide for obtaining either a self signed or commercial SSL certificate.

  • If hosting multiple websites with commercial SSL certificates on the same IP address, use the SNI extension of TLS. SNI is accepted by most modern web browsers. If you expect to receive connections from clients running legacy browsers (Like Internet Explorer for Windows XP), you will need to contact support to request an additional IP address.

Get the CA Root Certificate

If you’re using a self-signed certificate, skip this step.

Download the root certificate for the provider that issued your commercial certificate before you can begin using it. You may obtain the root certs for various providers from these sites:

Most providers will provide a root certificate file as either a .cer or .pem file. Save the provided root certificate in /etc/ssl/localcerts.

Configure Apache to use the SSL Certificate

  1. Edit the virtual host configuration files located in /etc/apache2/sites-available, to provide the certificate file paths. For each virtual host, replicate the configuration shown below. Replace any mentions of example.com with your own domain. You will also need to ensure that the SSLCACertificateFile value is configured to point to the CA root certificate downloaded in the previous step:

    Apache virtual hosting file
    1
2
3
4
5
6
7
8
9
10
11
12
    <VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/localcerts/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/localcerts/www.example.com.key
    SSLCACertificateFile /etc/ssl/localcerts/ca.pem  # If using a self-signed certificate, omit this line

    ServerAdmin info@example.com
    ServerName www.example.com
    DocumentRoot /var/www/example.com/public_html/
    ErrorLog /var/www/example.com/log/error.log
    CustomLog /var/www/example.com/log/access.log combined
</VirtualHost>

  2. Ensure that the Apache SSL module is enabled:

    1
    a2enmod ssl

  3. Restart Apache:

    1
    service apache2 restart

You should now be able to visit your site with SSL enabled.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This guide is published under a CC BY-ND 3.0 license.