How to install an SSL certificate on Apache

If you have generated your Let’s Encrypt certificate with Really Simple SSL, and you don’t have any of the automated installation options (shell, cPanel with API, Plesk with API or Cloudways), you’ll need to install the SSL certificate manually on your Apache server.

Download your certificate files

At the end of the Let’s Encrypt SSL certificate generation in the Really Simple SSL wizard, you see several buttons allowing you to download the required files: a certificate.crt and a private.pem file. You can either copy the contents of those files, or download & save the files.

Locate the Apache configuration file

Depending on your server and/or operating system, the configuration file may be called httpd.conf, apache2.conf or ssl.conf, and may be located at /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf. The configuration file contains the Virtual Hosts for all domains that are hosted on the server.

Please note that if you have Apache server installed on an Ubuntu operating system, each site has a separate configuration that can be found at /etc/apache2/sites-enabled/.

Configure the virtual host section

You’ll need to add/modify the virtual host for port 443 in the configuration file you found in the previous steps. Make a backup before proceeding. You can do this by simply creating a duplicate of the .conf file to .conf-bkp.

The virtual host file should have the following directives, without any comments tags (#) in front:

SSLEngine on
SSLCertificateFile pointed to the location of the Certificate issued for your domain name
SSLCertificateKeyFile pointed to the location of your Private Key on the server.

The Virtual Host for 443 port should look the following way:

ServerAdmin [email protected]
DocumentRoot var/www
ServerName www.really-simple-ssl.com
ErrorLog www/home/logs/error_log
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/private.pem

Enabling OCSP Stapling

OCSP Stapling improves performance of your certificate. To enable, you can add to the Virtual Host:

SSLUseStapling on

To specify the OCSP cache response location and size outside of the Virtual Host section:

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Note: OCSP Stapling is only enabled for configuration from Apache HTTP server 2.3.3 and higher.

Restart the server

Test the syntax in the config file with this command:

apachectl -t

If this checks out, save your changes and restart Apache.

You can restart using these apachectl commands:

apachectl restart
apachectl stop
apachectl start

If the Apache service fails to restart or the SSL does not get installed, ensure the configuration file is created properly. If you run into any problems, you can always return to the previously created backup of your config file; by renaming it back to it’s original name, and perform another restart.

Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.