This topic describes how to install an Alibaba Cloud SSL certificate on an Apache 2 server that runs Ubuntu.

Environments

Operating system: Ubuntu

Web server: Apache 2

Prerequisites

Procedure

  1. Run the following command to create a ssl directory under the apache2 directory:
    mkdir /etc/apache2/ssl
  2. Run the following command to copy the downloaded Alibaba Cloud SSL certificate file to the ssl directory:
    cp -r YourDomainName_public.crt /etc/apache2/ssl
    cp -r YourDomainName_chain.crt /etc/apache2/ssl
    cp -r YourDomainName.key /etc/apache2/ssl
  3. Run the following command to enable the SSL module:
    sudo a2enmod ssl
    Enable the SSL module

    After the SSL module is enabled, run the ls /etc/apache2/sites-available command to view the default-ssl.conf file generated in the directory.

    Note Port 443 is a web browsing port, which is used for the HTTPS service. When the SSL module is enabled, port 443 is automatically enabled. If port 443 is not automatically enabled, run the vi /etc/apache2/ports.conf command and add Listen 443 to manually enable port 443.
  4. Run the following command to modify the SSL configuration file default-ssl.conf:
    vi /etc/apache2/sites-available/default-ssl.conf
    In the default-ssl.conf file, find the following parameters, modify them, and then save and exit.
    <IfModules mod_ssl.c>
    <VirtualHost *:443>  
    ServerName   # Changes it to the domain name www.YourDomainName.com that you bound to your SSL certificate.
    SSLCertificateFile /etc/apache2/ssl/www.YourDomainName_public.crt# Replaces /etc/apache2/ssl/www.YourDomainName.com_public.crt with the path and name of your certificate file.
    SSLCertificateKeyFile /etc/ssl/apache2/www.YourDomainName.com.key# Replaces /etc/apache2/ssl/www.YourDomainName.com.key with the path and name of your certificate key file.
    SSLCertificateChainFile /etc/apache2/ssl/www.YourDomainName.com_chain.crt# Replaces /etc/apache2/ssl/www.YourDomainName.com_chain.crt with the path and name of your certificate chain file.
    						
    Modify the SSL configuration file

    The /sites-available directory stores available virtual hosts. The /sites-enabled directory stores enabled virtual hosts.

    Note The default-ssl.conf file may be stored in the /etc/apache2/sites-available or /etc/apache2/sites-enabled directory.
  5. Run the following command to map the default-ssl.conf file to the /etc/apache2/sites-enabled folder to establish a symbolic link and realize automatic association between them.
    sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/001-ssl.conf
  6. Run the following command to reload the Apache 2 configuration file.
    sudo /etc/init.d/apache2 force-reload
    Reload the Apache 2 configuration file
  7. Run the following command to restart the Apache 2 service:
    sudo /etc/init.d/apache2 restart
    Restart the Apache 2 service

What to do next

After the Apache 2 service is restarted, enter https://www.YourDomainName.com in your browser to verify whether the SSL certificate is installed. If the green lock icon appears in the address bar of your browser, the SSL certificate is installed.