1) Generate CSR
The first step is to generate a CSR (certificate signing request) file, which an SSL provider such as Comodo or Namecheap uses to create the certificate file.
The best path to create it in is /etc/ssl/certs
sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
You can use your own file names in place of server.key and server.csr. The -nodes option leaves server.key unencrypted (no passphrase), so keep that file readable only by root.
Once the CSR file is ready, download it or copy its content; you will need to give it to the SSL provider to generate the SSL certificate file.
After downloading the certificate file and the bundle file from the SSL provider, follow the steps below.
The downloaded certificates consist of a .crt file and a .ca-bundle file.
To create the ca-bundle.crt file, merge the .crt file and the .ca-bundle file into a single file.
Open the .crt file and copy its content. Now open the .ca-bundle file and paste the .crt file's content at the top, so that the result is the .crt file's content followed by the .ca-bundle file's content. Save it as ca-bundle.crt
Put this file on the server in /etc/ssl/certs
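A scripted version of the merge described above, with a check that the private key belongs to the issued certificate, given here as an added example that is not part of the original tutorial. The function names and the four-argument command line are made up for illustration, and it assumes the openssl command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). File names passed in are the
# reader's own; function names are illustrative.

# SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|crt FILE
  local pem
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)   return 2 ;;
  esac || return 1          # unreadable or malformed input must not "match"
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when FILE (a crt or csr) carries the same public key as KEY.
key_matches() {  # usage: key_matches KEY crt|csr FILE
  local a b
  a=$(pubkey_hash key "$1") || return 1
  b=$(pubkey_hash "$2" "$3") || return 1
  [ "$a" = "$b" ]
}

# Site certificate first, then the provider's CA bundle, as in step 1.
# A newline is added when a file lacks one, so PEM markers never fuse.
build_bundle() {  # usage: build_bundle SITE.crt SITE.ca-bundle OUT
  local f
  [ -s "$1" ] && [ -s "$2" ] || return 1
  for f in "$1" "$2"; do
    cat "$f"
    [ -z "$(tail -c 1 "$f")" ] || echo
  done > "$3"
}

# True when the private key is not accessible to group or others.
key_is_private() {  # usage: key_is_private KEY
  case "$(ls -ld "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

# Command-line use: check.sh KEY CRT CA_BUNDLE OUT
if [ "$#" -eq 4 ]; then
  key_matches "$1" crt "$2" || { echo "key does not match certificate" >&2; exit 1; }
  key_is_private "$1"       || echo "warning: $1 is readable by group/others" >&2
  build_bundle "$2" "$3" "$4" && echo "wrote $4"
fi
```

A mismatch between key and certificate is the usual reason Apache refuses to start after the restart in step 2, so it is worth running this before editing the config.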
2) Create new config for SSL
Go to the sites-available directory:
cd /etc/apache2/sites-available/
Create a new config file named after the website:
sudo nano domainname.conf
Paste the code below into that config file. Replace the placeholder values such as DOMAINNAME, YOURCRTFILENAME and YOURKEYFILE with your own.
    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName DOMAINNAME.com
        ServerAlias www.DOMAINNAME.com

        ServerAdmin [email protected]
        DocumentRoot /var/www/html/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        <Directory /var/www/html>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

    <VirtualHost _default_:443>
        DocumentRoot /var/www/html/
        ServerName DOMAINNAME.com
        ServerAlias www.DOMAINNAME.com

        SSLEngine on
        SSLCertificateFile "/etc/ssl/certs/YOURCRTFILENAME.crt"
        SSLCertificateKeyFile "/etc/ssl/certs/YOURKEYFILE.key"
        SSLCACertificateFile "/etc/ssl/certs/ca-bundle.crt"

        <Directory /var/www/html>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
Now we need to make this config file the default config file.
To do that, first disable the currently enabled config files with the commands below:
sudo a2dissite 000-default.conf
sudo a2dissite default-ssl.conf
Now enable the newly created config file:
sudo a2ensite domainname.conf
Activate SSL mode:
sudo a2enmod ssl
Restart Apache with the following command:
sudo service apache2 restart
Open your website in a browser at https://yoururl.com and it will start working. Enjoy!!