Installing SSL Certificate on Apache

You can find instructions for installing an SSL certificate on an Apache webserver below.

Before You Start

Please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions on how to download your certificate (.zip), you can click here.

After downloading your certificate, you should have a ZIP containing the following certificate files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

  1. Upload Certificate to Server

    First, copy your certificate files to the directory where you keep your certificate and key files. Typically, this directory is /etc/ssl/ for your certificate.crt and ca_bundle.crt files, and /etc/ssl/private/ for your private.key file.

  2. Locate Configuration File

    Next, you will need to find the Apache configuration file on your server. Depending on the server and OS version you are running on, the configuration file is stored in different directories. Typically, you could search the directories etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf for files named httpd.conf, apache2.conf or ssl.conf.

  3. Configure Virtual Host

    Once the Apache configuration file is located, you will need to configure the virtual host section of your website. Before you do so, please make sure to create a backup of your current *.conf file. This way, you will be able to undo any changes in case something goes wrong.

    A typical Virtual Host file looks like the file below:

    ServerAdmin   admin@domain.com
    DocumentRoot  /var/www/
    ServerName    www.domain.com
    ErrorLog      /www/home/logs/error_log
    SSLEngine                on
    SSLCertificateFile       /etc/ssl/certificate.crt
    SSLCertificateKeyFile    /etc/ssl/private.key
    SSLCertificateChainFile  /etc/ssl/ca_bundle.crt

    The part above highlighted in bold is the one you will need to edit based on the file paths your certificate files are located in. Please make sure the attributes in bold don't have a "#" (comment) prepended; if they do, please remove that symbol to uncomment them.

    As mentioned above, you will need to change the file names to match your certificate files and their location on the server:

    • SSLCertificateFile: This is your primary SSL certificate file (certificate.crt)
    • SSLCertificateChainFile: This is your CA-Bundle file (ca_bundle.crt)
    • SSLCertificateKeyFile: This is your private key file (private.key)
  4. Save & Restart the server

    Next, save your Apache configuration file and restart your server using one of the commands below:

    • apachectl stop
    • apachectl start
    • apachectl restart

    In case something goes wrong along the way, please rest assured that you will be able to revert your Apache configuration file using the backup you have created earlier in the process. This way, you will be able to start over again.

  5. Check Installation

    You have completed all the required steps to install your SSL certificate. To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL "Check Installation" tool or try accessing your domain using HTTPS, e.g. https://domain.com.


  Congratulations

Your site has now been secured using your new SSL certificate!

  Tips

  • Please check that the mod_ssl apache module is installed and enabled.
    (run sudo a2enmod ssl to enable it).
  • Furthermore, please make sure that no firewall is blocking traffic to port 443 (HTTPS) on your server.
To verify that everything is working please use a web browser or the curl cli.
Was this article helpful?
0 out of 1 found this helpful