Really Simple SSL

How to install an SSL certificate on Apache

If you have generated your Really Simple SSL Let’s Encrypt certificate, and you don’t have any of the automated installation options (shell, cPanel with API, Plesk with API or Cloudways), you’ll need to install the certificate manually on your Apache server.

Download your certificate files

At the end of the Let’s Encrypt SSL certificate generation in the Really Simple SSL wizard, you see several buttons with which you can download the required files: a certificate.crt and a private.pem file. You can either copy the contents, of download the file.

Locate the apache configuration file

Depending on your server and/or operating system, the configuration file may be called httpd.conf, apache2.conf or ssl.conf and may be located at /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf. The configuration file contains the Virtual Hosts for all domains that are hosted on the server.

Please note that if you have Apache server installed on an Ubuntu operating system, each site has a separate configuration that can be found at /etc/apache2/sites-enabled/.

Configure the virtual host section

You’ll need to add/modify the virtual host for port 443 in the configuration file you found in the previous steps. Make a backup before proceeding. You can do this by simply creating a duplicate of the .conf file to .conf-bkp.

The virtual host file should have the following directives, without any comments tags (#) in front:

SSLEngine on
SSLCertificateFile pointed to the location of the Certificate issued for your domain name
SSLCertificateKeyFile pointed to the location of your Private Key on the server.

The Virtual Host for 443 port should look the following way:

ServerAdmin your@email-address.com
DocumentRoot var/www
ServerName www.really-simple-ssl.com
ErrorLog www/home/logs/error_log
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/private.pem

Enabling OCSP Stapling

OCSP Stapling improves performance of your certificate. To enable, you can add to the Virtual Host:

SSLUseStapling on

To specify the OCSP cache response location and size outside of the Virtual Host section:

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Note: OCSP Stapling is only enabled for configuration from Apache HTTP server 2.3.3 and higher.

Restart the server

Test the syntax in the config file with this command:

apachectl -t
If this checks out, save your changes and restart Apache.

You can restart using these apachectl commands:

apachectl restart
apachectl stop
apachectl start
If the Apache service fails to restart or the SSL does not get installed, make sure the configuration file is created properly. If you run into any problems, just put back the backup of your config file, and do another restart.

Rogier

Rogier

Related articles

Leave a Reply

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.