If you have generated your Really Simple SSL Let’s Encrypt certificate, and you don’t have any of the automated installation options (shell, cPanel with API, Plesk with API or Cloudways), you’ll need to install the certificate manually on your Apache server.
Download your certificate files
At the end of the Let’s Encrypt SSL certificate generation in the Really Simple SSL wizard, you see several buttons with which you can download the required files: a certificate.crt and a private.pem file. You can either copy the contents, of download the file.
Locate the apache configuration file
Depending on your server and/or operating system, the configuration file may be called httpd.conf, apache2.conf or ssl.conf and may be located at /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf. The configuration file contains the Virtual Hosts for all domains that are hosted on the server.
Please note that if you have Apache server installed on an Ubuntu operating system, each site has a separate configuration that can be found at /etc/apache2/sites-enabled/.
Configure the virtual host section
You’ll need to add/modify the virtual host for port 443 in the configuration file you found in the previous steps. Make a backup before proceeding. You can do this by simply creating a duplicate of the .conf file to .conf-bkp.
The virtual host file should have the following directives, without any comments tags (#) in front:
SSLEngine on SSLCertificateFile pointed to the location of the Certificate issued for your domain name SSLCertificateKeyFile pointed to the location of your Private Key on the server.
The Virtual Host for 443 port should look the following way:
ServerAdmin [email protected] DocumentRoot var/www ServerName www.really-simple-ssl.com ErrorLog www/home/logs/error_log SSLEngine on SSLCertificateFile /etc/ssl/certificate.crt SSLCertificateKeyFile /etc/ssl/private.pem
Enabling OCSP Stapling
OCSP Stapling improves performance of your certificate. To enable, you can add to the Virtual Host:
To specify the OCSP cache response location and size outside of the Virtual Host section:
Note: OCSP Stapling is only enabled for configuration from Apache HTTP server 2.3.3 and higher.
Restart the server
Test the syntax in the config file with this command:
If this checks out, save your changes and restart Apache.
You can restart using these apachectl commands:
If the Apache service fails to restart or the SSL does not get installed, make sure the configuration file is created properly. If you run into any problems, just put back the backup of your config file, and do another restart.