How to Install and Configure SSL Certificates in Apache?

This guide will walk you through the complete process of setting up Apache with SSL (HTTPS) on an Ubuntu server. By the end, your Apache web server will be configured with a valid SSL certificate and ready to securely serve web trafficnumber in the ports section.

Prerequisites

  • Ubuntu VM with root access (root password set)

  • Ports 80 and 443 must be open in the Security Group

Step 1: Run the following command to install Apache: 

apt install apache2

Step 2: Enable Required Apache Modules

Run the following commands to load necessary modules:

sudo a2enmod ssl

sudo a2enmod proxy

sudo a2enmod proxy_http

sudo a2enmod headers

sudo a2enmod rewrite

Step 3: Restart the Apache Service

sudo systemctl restart apache2

Step 4: Verify Apache Installation

  • Open a browser and enter the server's IP address.

  • You should see the Apache default page.

  • Ensure ports 80 and 443 are open in the Security Group.

Step 5: Check Listening Ports

Run command:

netstat -tulnp

Note: If port 443 is allowed in the security group but not listening on the server, open and edit ports.conf:

  • cd /etc/apache2/

  • sudo nano ports.conf

To use a custom port instead of 443:

  • Replace 443 with your desired port in ports.conf

  • Open that custom port in the Security Group

Restart Apache:

  • sudo apachectl configtest

  • sudo systemctl restart apache2

Important Note: Before restarting Apache after any config change, run this command: 

sudo apachectl configtest

If output is Syntax OK, proceed with a restart.

Step 6: Disable Default Site

  • Cd /etc/sites-enabled 

ls

It lists the enabled default site name

sudo a2dissite 000-default.conf

Step 7: Create Reverse Proxy Configuration File

sudo nano /etc/apache2/sites-available/reverse-proxy.conf

Add this content to the file :

<VirtualHost *:80> 
ServerName apache-poc-test.theacecloud.com
ServerAlias apache-poc-test.theacecloud.com
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ProxyPreserveHost On
ProxyPass / 
http://localhost:8080/

ProxyPassReverse / 
http://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/reverse-proxy-error.log
CustomLog ${APACHE_LOG_DIR}/reverse-proxy-access.log combined </VirtualHost>

(Update domain name as per your setup)

Step 8: Apply SSL Using Certbot

Commands:

  • sudo snap install --classic certbot

  • sudo ln -s /snap/bin/certbot /usr/bin/certbot

  • sudo certbot –apache

Follow prompts:

  • Enter email

  • Agree to terms – press y

  • Select domain (ensure the domain points to the correct server IP)

Once SSL is deployed, it creates:

reverse-proxy-le-ssl.conf(Verify its content, this should be present in this file)

Once the above steps are completed, your setup should now be successfully configured. Please review the configuration again to verify everything is working correctly.

PreviousHow to Attach a Floating IP via pfSense?NextInstalling and Configuring pfSense Firewall on AceCloud (via OpenStack Horizon)

Last updated

Was this helpful?