First you need to have the SSL certificate generated.

Normally the steps are:

  • Generate a CSR (certificate signing request)
  • Send it to the company that you’ll buy the SSL certificate from
  • Install the certificate.

If you use, or want to use, Let’s Encrypt SSL certificates, these are the lines you need.

To install the certificate, add them to the virtual host, then test the config and ask Apache to reload its config file(s).

SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem

 

The final virtual host conf file would look like this.

#############################################################################
# /etc/apache2/sites-enabled/example.com.conf
# example.com
# Assumed: the vhost listens on *:443 and the access rule covers the DocumentRoot.
<VirtualHost *:443>

ServerAdmin admin@example.com
DocumentRoot /var/www/vhosts/example.com/htdocs

ServerName example.com
ServerAlias www.example.com

#LogLevel debug
RewriteEngine On
ErrorLog /var/www/vhosts/example.com/logs/error.log
CustomLog /var/www/vhosts/example.com/logs/common.log common

<Directory /var/www/vhosts/example.com/htdocs>
Allow from all
</Directory>

#/etc/apache2/ssl

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem

# Intermediate configuration, tweak to your needs
# "all -SSLv2 -SSLv3" also enables TLSv1 and TLSv1.1 where the build supports them.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
#SSLCompression off

</VirtualHost>
#######################################################################

The next step is to test whether the Apache configuration syntax is OK.

apachectl configtest

If you don’t see any errors, it’s time to reload Apache’s configuration.

service apache2 reload

 

If you see errors, you may have to enable the mod_ssl module by doing this:

a2enmod ssl

 

Check the output; it will tell you whether you need to reload the configuration or restart the Apache server.

 

service apache2 reload

or

service apache2 restart

 

I recommend that you always try reloading the configuration first, because that way your visitors won’t see any connection errors to your server.
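As an added example (not part of the original article), the shell functions below audit the TLS directives of a vhost file before you run configtest and reload. The function names and the shortened sample config are constructed for illustration; the weak-cipher patterns are an assumption about what you want flagged.

```shell
# Added example, not the article's code; names and the sample config are constructed.
# Print the arguments of the last uncommented NAME directive in FILE.
directive_value() {
    awk -v name="$2" 'tolower($1) == tolower(name) { $1 = ""; sub(/^ +/, ""); v = $0 }
                      END { print v }' "$1"
}

# Print one finding per line; return 0 when there are none, 1 otherwise.
audit_vhost_tls() {
    conf=$1; n=0
    note() { printf '%s\n' "$1"; n=$((n + 1)); }
    cert=$(directive_value "$conf" SSLCertificateFile)
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    chain=$(directive_value "$conf" SSLCertificateChainFile)
    proto=$(directive_value "$conf" SSLProtocol)
    ciphers=$(directive_value "$conf" SSLCipherSuite | tr ':' ' ')
    case $(directive_value "$conf" SSLEngine) in [Oo][Nn]) ;; *) note "SSLEngine is not on" ;; esac
    [ -n "$cert" ] && [ -n "$key" ] || note "certificate or key directive is missing"
    # Apache 2.4.8+ loads intermediates from SSLCertificateFile itself.
    if [ -n "$chain" ] && [ "$chain" = "$cert" ]; then
        note "SSLCertificateChainFile repeats SSLCertificateFile"
    fi
    # "all" enables every protocol the build supports unless it is subtracted.
    for p in TLSv1 TLSv1.1; do
        case " $proto " in
            *" -$p "*) ;;
            *" all "*|*" $p "*|*" +$p "*) note "SSLProtocol allows $p" ;;
        esac
    done
    # Tokens starting with "!" or "-" are exclusions; only enabled ones are checked.
    for c in $ciphers; do
        case $c in
            '!'*|-*) ;;
            *DES-CBC3*|*RC4*|*MD5*|*NULL*|EXP*) note "weak cipher enabled: $c" ;;
        esac
    done
    [ "$n" -eq 0 ]
}
# Constructed sample: the article's TLS directives with the cipher list shortened.
sample_vhost() {
    cat <<'EOF'
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES:DES-CBC3-SHA:!aNULL:!RC4:!MD5
EOF
}
```

To gate the reload on it, run `audit_vhost_tls /etc/apache2/sites-enabled/example.com.conf && apachectl configtest && service apache2 reload`.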

 
