How to Install SSL on Apache in Ubuntu Web Server

Secure Sockets Layer or SSL is the standard security technology for creating an encrypted connection between a web server and a web browser. This ensures that all data passed between the web server and the web browser remain private and secure. It is used by millions of websites in the protection of their online communications with their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate.

You can create your own SSL Certificate, but it will not be trusted by default in web browsers, to fix this you will have to buy a digital certificate from a trusted Certification Authority (CA).

In this tutorial, we learn how to install an SSL certificate on Apache 2.4 in Ubuntu. This helps to secure the communications between your visitors and your website.

Generating a Certificate Signing Request

The Certification Authority (CA) will ask you for a Certificate Signing Request (CSR) generated on your web server. This is a simple step and only takes a minute, you will have to run the following command and input the requested information:

# openssl req -new -newkey rsa:2048 -nodes -keyout yourdomainname.key -out yourdomainname.csr

The output should look something like this:

generate csr

This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache OpenSSL.

Depending on the authority you apply to, you will either have to upload your CSR file or paste its content in a web form.

Install SSL Certificate in Apache

After the generation process is finished you will receive your new digital certificate, for this article we have used Comodo SSL and received the certificate in a zip file. To use it in apache you will first have to create a bundle of the certificates you received in the zip file with the following command:

# cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.crt

Now make sure that the SSL module is loaded in apache by running the following command:

# a2enmod ssl

If you get the message "Module ssl already enabled" you are ok, if you get the message "Enabling module ssl." you will also have to run the following command to restart apache:

# sudo systemctl start apache2

Finally, modify your virtual host file (generally found in /etc/apache2/sites-enabled) to look something like this:

DocumentRoot /var/www/html/
SSLEngine on
SSLCertificateFile /usr/local/ssl/crt/yourdomainname.crt
SSLCertificateKeyFile /usr/local/ssl/yourdomainname.key
SSLCACertificateFile /usr/local/ssl/bundle.crt

You should now access your website using https://YOURDOMAIN/ (be careful to use 'https' not http) and see the SSL in progress (generally indicated by a lock in your web browser).

NOTE: All the links must now point to HTTPS, if some of the content on the website (like images or CSS files) still point to HTTP links you will get a warning in the browser, to fix this you have to make sure that every link points to HTTPS.

Redirect HTTP requests to HTTPS version of your website

If you wish to redirect the normal HTTP requests to the HTTPS version of your website, add the following text to either the virtual host you wish to apply it to or to the apache.conf if you wish to apply it for all websites hosted on the server:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


In this tutorial, we learned how to install the SSL certificate on Apache in Ubuntu. If you looking for a free SSL certificate then use Apache with Let's Encrypt.

Leave a Comment