To install an SSL certificate on Apache2 (Debian/Ubuntu), follow these steps
This guide walks you through installing an SSL certificate purchased from Namecheap on an Apache2 server running Debian or Ubuntu.
Step 1: Download Your SSL Certificate
After reissuing your certificate on Namecheap, you will receive a ZIP file containing:
your_domain.crt(SSL Certificate)your_domain.ca-bundle(CA Bundle or Chain File)
If you don’t have these files, you can download them from your Namecheap account.
Step 2: Upload the SSL Certificate to Your Server
Connect to your server via SSH:
ssh user@your_server_ipCreate a directory to store your SSL certificate files:
sudo mkdir -p /etc/apache2/sslUpload the
.crtand.ca-bundlefiles to/etc/apache2/ssl/using SCP or SFTP.Upload the new SSL files to EC2
scp -i "PATH/your-key.pem" -r PATH/DomainName_com.crt DomainName_com.ca-bundle DomainName_com.key ec2-user@your-server-ip:/etc/ssl/certs/
Step 3: Configure Apache to Use SSL
Enable SSL Module and Virtual Host:
sudo a2enmod ssl sudo a2ensite default-sslOpen your Apache SSL configuration file:
sudo nano /etc/apache2/sites-available/default-ssl.confModify or add the following lines:
<VirtualHost *:443> ServerAdmin admin@yourdomain.com ServerName yourdomain.com ServerAlias www.yourdomain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/apache2/ssl/your_domain.crt SSLCertificateKeyFile /etc/apache2/ssl/your_private_key.key SSLCertificateChainFile /etc/apache2/ssl/your_domain.ca-bundle <Directory /var/www/html> AllowOverride All </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>Note: The
your_private_key.keyis the private key you generated when creating the CSR.
Step 4: Restart Apache
After saving the changes, restart Apache to apply the new configuration:
sudo systemctl restart apache2
Step 5: Verify SSL Installation
Check if your SSL is installed correctly using:
sudo apachectl configtest
If the output shows Syntax OK, your configuration is correct.
You can also verify your SSL installation using: 🔗 SSL Checker
Step 6: Force HTTPS (Optional)
To redirect HTTP to HTTPS, add the following to your Apache configuration:
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
Redirect permanent / https://yourdomain.com/
</VirtualHost>
Then, restart Apache:
sudo systemctl restart apache2
Installation check
First, we will check the exact location of the current configuration file for HTTP websites. For that, run the following command:
sudo apachectl -S
Enabling SSL/TLS support on Apache
sudo a2enmod ssl
sudo service apache2 restart
If the command responds with “Module ssl already enabled”, then the module has already been enabled
Now, make sure to check the file syntax by running this command:
apachectl -t
If the command responds with “Syntax OK”, you can reboot the webserver. To do that, run the command: Done! The website is now secured. The installation can be checked 🔗 Here
🔴 Issue: Missing SSL Private Key (Domain.key)
$ sudo apachectl -S
AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default.conf:
SSLCertificateKeyFile: file '/etc/ssl/private/DomainName.key' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.
If You Have a Backup, Restore the Key
sudo cp /path/to/backup/DomainName_com.key /etc/ssl/private/DomainName.key
sudo chmod 600 /etc/ssl/private/DomainName.key
sudo chown root:root /etc/ssl/private/DomainName.key
Done! 🎉
Your SSL certificate should now be active on your Apache2 server. 🚀