How do I redirect from http to https on apache2.

July 26, 2017 31k views
Apache Let's Encrypt Deployment DigitalOcean Security Ubuntu 16.04
elecsoftconsult
By:
elecsoftconsult

I need to redirect a website already up and running on a digital ocean server from http://www.example.com to https://www.example.com. I've been working on it all day and have been able to generate an ssl certificate from lets encrypt and have stored it in a specific file in my directory. I know I need to give the server the location of the certificate but I dont know where I have to type that in. I tried following a tutorial https://www.digicert.com/ssl-certificate-installation-ubuntu-server-with-apache2.htm
but that doesnt seem to work either.
On running a config test, I get an error saying that snakeoil.key (private key) file does not exist. Although when I sudo nano that file, I can see the key (it does exist!) I dont know what to do here anymore. Any help will be greatly appreciated. Thanks!

Log In to Comment
4 Answers
hansen July 27, 2017

@elecsoftconsult

Okay, can you remove the HTTPS (443) VirtualHost, since it doesn't work currently and it's just Let's Encrypt. And remove the redirect VirtualHost that I posted.
Now your site should just work with HTTP (80).

Then go and follow this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

How To Secure Apache with Let's Encrypt on Ubuntu 16.04
by Erika Heidi
This tutorial will show you how to set up a free TLS/SSL certificate from Let’s Encrypt on a Ubuntu 16.04 server running Apache as web server. TLS certificates are used within web servers to encrypt the traffic between server and client, providing extra security for users accessing your application.
Reply
hansen July 27, 2017

Hi @elecsoftconsult

Can you post your VirtualHost configurations (both the one for port 80 and 443). It will be easier to help then.
Make sure your snakeoil.key file is readable by the same user/group as Apache, which is normally www-data

One way is to change your port 80 Virtualhost to this and restart Apache:

<VirtualHost *:80>
  ServerName yourdomain.com
  Alias www.yourdomain.com
  Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
Reply
  • elecsoftconsult July 27, 2017

    Hi @hansen

    Thank you so much for this quick reply! I tried looking for the virtualhost file a lot but couldn't find it. Would you happen to know which folder it resides in?

    Thank you in advance.

    • hansen July 27, 2017

      @elecsoftconsult

      Run this command to list your sites and their configuration:

      sudo apache2ctl -S
      • elecsoftconsult July 27, 2017

        @hansen

        Thank you so much... I made the changes to the virtual host *80 file. When i tried restarting using apache2ctl restart I get an error saying Alias takes two arguments, a fakename and a realname. Action restart failed.

        • hansen July 27, 2017

          @elecsoftconsult
          Sorry, my bad - Alias should be ServerAlias:

          <VirtualHost *:80>
  ServerName yourdomain.com
  ServerAlias www.yourdomain.com
  Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
          • elecsoftconsult July 27, 2017

            @hansen

            made that change and tried restarting again. It still says that it cant find snakeoil.key or it does not exist. I checked using nano and the key does exist. I went into the 443 virtualhost to try and make sure the directory paths were correct. When I got the ssl certificate, it said that both the certificate and the chain file were stored in the same .pem file. I added a SSLCertificateChainFile path to the same SSLCertificateFile (which points to the snakeoil.key) because it said it was fine to do so in the comments in that file itself. That did not work either.

sebestyenmiklos April 30, 2018

In yourvirtualhost.com.conf file put the following configuration:


<VirtualHost *:80>
        ServerName <ip_or_host>
        Redirect "/" "https://<ip_or_host>"
</VirtualHost>

<VirtualHost *:443>
        ServerName <ip_or_host>
        DocumentRoot /var/www/whateverfolder
        SSLEngine on
        SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
        <Directory /var/www/whateverfolder/public>
           DirectoryIndex index.php
           AllowOverride All
           Require all granted
        </Directory>
</VirtualHost>

Some of the parameters have to be changed or commented out, depends on your previous configuration steps.

Reply
webman July 20, 2018
Reply
Have another answer? Share your knowledge.

Related Questions