This topic describes how to install an Alibaba Cloud SSL certificate on an Apache 2 server that runs Ubuntu.
Environments
Operating system: Ubuntu
Web server: Apache 2
Prerequisites
- The Apache server certificate is downloaded from the SSL Certificates Service console.
- OpenSSL is installed.
Procedure
- Run the following command to create a ssl directory under the apache2 directory:
mkdir /etc/apache2/ssl - Run the following command to copy the downloaded Alibaba Cloud SSL certificate file
to the ssl directory:
cp -r YourDomainName_public.crt /etc/apache2/sslcp -r YourDomainName_chain.crt /etc/apache2/sslcp -r YourDomainName.key /etc/apache2/ssl - Run the following command to enable the SSL module:
sudo a2enmod ssl
After the SSL module is enabled, run the
ls /etc/apache2/sites-availablecommand to view the default-ssl.conf file generated in the directory.Note Port 443 is a web browsing port, which is used for the HTTPS service. When the SSL module is enabled, port 443 is automatically enabled. If port 443 is not automatically enabled, run thevi /etc/apache2/ports.confcommand and addListen 443to manually enable port 443. - Run the following command to modify the SSL configuration file default-ssl.conf:
vi /etc/apache2/sites-available/default-ssl.confIn the default-ssl.conf file, find the following parameters, modify them, and then save and exit.<IfModules mod_ssl.c> <VirtualHost *:443> ServerName # Changes it to the domain name www.YourDomainName.com that you bound to your SSL certificate. SSLCertificateFile /etc/apache2/ssl/www.YourDomainName_public.crt# Replaces /etc/apache2/ssl/www.YourDomainName.com_public.crt with the path and name of your certificate file. SSLCertificateKeyFile /etc/ssl/apache2/www.YourDomainName.com.key# Replaces /etc/apache2/ssl/www.YourDomainName.com.key with the path and name of your certificate key file. SSLCertificateChainFile /etc/apache2/ssl/www.YourDomainName.com_chain.crt# Replaces /etc/apache2/ssl/www.YourDomainName.com_chain.crt with the path and name of your certificate chain file.
The /sites-available directory stores available virtual hosts. The /sites-enabled directory stores enabled virtual hosts.
Note The default-ssl.conf file may be stored in the /etc/apache2/sites-available or /etc/apache2/sites-enabled directory. - Run the following command to map the default-ssl.conf file to the /etc/apache2/sites-enabled folder to establish a symbolic link and realize automatic association between them.
sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/001-ssl.conf - Run the following command to reload the Apache 2 configuration file.
sudo /etc/init.d/apache2 force-reload
- Run the following command to restart the Apache 2 service:
sudo /etc/init.d/apache2 restart
What to do next
After the Apache 2 service is restarted, enter https://www.YourDomainName.com in your browser to verify whether the SSL certificate is installed. If the green lock icon appears in the address bar of your browser, the SSL certificate is installed.
- Install SSL certificates on Tomcat servers
- Install SSL certificates on Apache servers
- How do I deploy the issued certificate in Apache server
- Install an SSL certificate on an NGINX server or a Tengine server
- Install SSL certificates in IIS servers
- Deploy SSL certificates on Tomcat 8.5 or 9.0 servers that run CentOS
- Install SSL certificates on Jetty servers