How to Install an SSL Certificate on Ubuntu Server Using Apache
If you are wondering how to install an SSL certificate on Ubuntu server using Apache then we will take you through the step-by-step process and make this overwhelming process simpler. SSL certificates are now being encouraged under numerous regulatory frameworks like General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standards (PCI DSS) and several others.
Also, it could be that none of those regulations apply to you but you want to install an SSL certificate on your Ubuntu Server using Apache simply because SSL certificates do a commendable job when it comes to improving your website’s SEO ranking. After all, Google has been encouraging the use of HTTPS for quite some time now. Whatever may be the driving force compelling you to do this, we must congratulate you for being on the right track.
What do I need to install an SSL certificate on Ubuntu server using Apache?
The first step is to buy an SSL certificate if you don’t already have one. If you do, then make sure to check if your current SSL certificate is valid, else renew it. This is essential because an invalid certificate does not secure your website. So, confirming this prerequisite ensures that the rest of the process remains uninterrupted.
Also, you might want to avoid using the free SSL certificate provided by your web hosting service provider. Most of them offer a domain validated certificate, which may not be the best one for your business, especially, if you need to protect multiple add-on domains or even in the case of multiple subdomains of a single domain.
Encrypting Multiple Subdomains of a Single Domain
Usually, websites tend to make use of multiple subdomains as part of their SEO strategy or in a bid to boost their security measures. So, if your website’s architecture involves the use of multiple subdomains, then you need a more advanced type of SSL certificate called the Wildcard SSL Certificate.
Encrypting Multiple Domains
It is quite normal for a website to have multiple add-on domains and you can protect them all with a Multi-Domain SAN SSL certificate.
If you run a business that is trying to build more credibility, then you might as well consider investing in an Extended Validation Certificate or Organizational Validated certificate. Once you have made the right choice, then it is time to move forward and install the SSL certificate on the Ubuntu server using Apache.
How to install SSL on Ubuntu Apache Server?
If you have a Virtual Private Server (VPS) or wish to set up an add-on domain then in most cases you would have to install the SSL on your Ubuntu Apache Server manually, and that can seem overwhelming. However, we are going to break it down for you and make the entire process easier. So, if the service provider’s auto-install tool is not working too well, then you need not worry. Just ensure that you have the below-listed prerequisites and then get started with installing SSL on Ubuntu using Apache Server.
Prerequisites
- Ensure that your account has sudo permission to run elevated commands
- Root CA from a reliable Certifying Authority
Step 1 - Start by logging in via SSH
Step 2 - Create the Private and CSR Keys
Type the following command in the terminal
openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr
In the above command, make it a point to replace ‘server’ with your server’s actual name.
The above command will allow you to generate two files — one with the private key and another with CSR.
Private key is required to generate CSR. Later on, the private key uses the certificate to secure and verify the connections to ensure security.
The CSR key summons the SSL certificate. Later on, the CSR key is responsible for encrypting data exchanged between the server and the client, in a manner that it can only be decrypted with the corresponding private key.
Step 3 - Enter the Domain Name
When the system seeks the common name, it is asking you for your domain name.
In the case of a domain validated certificate, you simply need to type in the domain name
So, type YourWebsiteName.com
In the case of a wildcard SSL certificate which supports multiple subdomains
Type *. YourWebsiteName.com
Step 4 - Enter Additional Information
You may then have to enter some more information pertaining to your organization, so do that
With this, your .csr file is created
Step 5 - Save the private key in the .key format
Step 6 - Installing SSL Certificate on Ubuntu using Apache
Start by installing a package called the ca-certificates so that you can check the SSL connections. To do that, use the following command,
sudo apt-get install ca-certificates -y
Now copy the .cer or .crt file in a blank directory created exclusively for this purpose. To copy the file, use the following command,
sudo cp caName.crt /usr/local/share/ca-certificate
In the above command, ‘caName’ must be substituted with the name of your Certifying Authority.
Step 7 - PEM File Problem
In case you have the certificate as a PEM file then you must first convert it to the .crt format
openssl x509 -outform der -in caName.pem -out caName.crt
You can them move the converted PEM file to the directory with the above command.
Step 8 - Generate the .crt file
Finally, use the following command to update your certificates to generate the final .crt file which lists out all the certificates that you have just installed.
You can do that by executing the following command,
sudo update-ca-certificates
We strongly recommend that you install an SSL certificate procured from a reliable certifying authority to keep your website secure. However, we understand that you might not always be able to do that and so here’s a quick free alternative. So, let us discuss how you can install a free SSL certificate with Let’s Encrypt.
Free SSL Certificate with Let’s Encrypt
If you have decided to stick to installing a free SSL then you can consider doing that with Let’s Encrypt, which allows you to have an SSL Certificate for free but only for a period of 90 days. You then need to renew it, but this can be done automatically, and we shall soon discuss how.
Follow the instructions below in order to install a free SSL certificate,
Assuming that you have a recent version of Ubuntu, it would have a pre-installed Snapd, so you can skip installing it. For older versions, you need to install it.
Next, you need to install Certbot and you can do that by executing the following command
$ sudo snap install - - classic certbot
Depending on how you would want the certbot to do the job, pick one out of the two commands listed below.
To automatically turn on HTTPS
$ sudo certbot -- apache
Only to get a Certificate
$ sudo certbot certonly – apache
To turn on auto-renewal, use the following command
$ sudo certbot renew - - dry - run
Now unless you make some serious changes to your system’s configuration, the above command would automatically renew your SSL certificate before its expiry date.
However, as we wrap up this guide on installing SSL certificate on Ubuntu server using Apache, we would like to remind you to consider investing in a paid SSL certificate that works best with your website’s architecture.
