How to Install SSL Certificate on Apache Ubuntu Web Server

install ssl certificate on apache ubuntu

HTTPS protocol encrypts the data transferred between your browser and web server. It not only makes your website more secure but also improves its credibility. Here are the steps to install SSL certificate on Apache Ubuntu Web Server.

Before you begin, please make sure that you download the primary, intermediate, and root certificate files issued by Certificate Authority (CA) like Symantec, Norton, RapidSSL, Comodo, Verisign, etc. You’ll receive them via email once you place the order on their site. Then you need to create a certificate signing request (CSR) using OpenSSL tool on Ubuntu, and submit it to your certificate authority, so they can verify your site’s identity, every time your users visit its pages.


How to Install SSL Certificate on Apache Ubuntu Web Server

Here are the steps to install SSL certificate on Apache Ubuntu Web Server


1. Copy/Paste the certificate files to your server

To begin with, copy the primary (your_domain.crt) and intermediate certificate (CertificateAuthority.crt) to a directory on your Ubuntu Server where you want to store all certificate and key files. Primary certificate is also called SSL certificate. It will be named after your domain while the intermediate file will be named after the issuing authority (e.g RapidSSL, Comodo, Thawte, etc).


2. Edit Apache Config file

By default, you’ll find Ubuntu Apache configuration file at /etc/apache2/sites-enabled/your_domain

If you are unable to find it at that location, you can find it with the command

$ sudo a2ensite your_domain

Open it using a text editor. If you want your website to be accessible over both HTTP and HTTPS then you need to create 2 separate config files, one for HTTP (port 80) and the other for HTTPS (port 443).

If you want your website to be available only via HTTPS, then you can directly edit the config file’s <VirtualHost> block.


3. Configure Virtual Host block

Here’s a sample Virtual Host block for SSL (port 443)

DocumentRoot /var/www/
SSLEngine on
SSLCertificateFile /path/to/your_domain.crt
SSLCertificateKeyFile /path/to/private_key.crt
SSLCertificateChainFile /path/to/CertificateAuthority.crt


Update your Virtual Host block to make sure that:

  • SSLCertificateFile is your certificate file (e.g your_domain.crt)
  • SSLCertificateKeyFile is the private key file you create during the creation of CSR
  • SSLCertificateChainFile is the intermediate file issued by Certificate Authority (e.g CertificateAuthority.crt)


4. Test Apache Config File and Restart Server

You need to restart Apache server to apply changes. However, it won’t restart if there are any errors in its config file. So test it with the command

$ apachectl configtest

In some systems it is (apache2ctl)

You’ll see a message “Syntax OK”, with some warnings in some cases.


Restart your Apache web server

$ apachectl stop
$ apachect1 start

If Apache doesn’t restart with SSL enabled, then try apachectl startssl instead of apachectl start

Open your web browser and go to to see if your site loads over HTTPS.


Congratulations! You have installed SSL certificate on Apache Ubuntu Web Server.



About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!