Question

Moving a Godaddy SSL certificate to apache ubuntu 14.04

Posted October 12, 2014 36.1k views

I have a Godaddy SSL certificate and is connect with my domain and the domain is
connect with my droplet.

in my server I have on my folder “/etc/apache2/ssl/” two files “domain.com.csr and domain.com.key”

I have past the code from “domain.com.csr” on Godaddy SSL CSR

Godaddy give me two files “62gyg787t86.crt and bundle-g2-g1.crt”
and I have move those file into “/etc/apache2/ssl/”
so now I have four files “domain.com.csr, domain.com.key, 62gyg787t86.crt and bundle-g2-g1.crt”

On my the folder “/etc/apache2/sites-available” I have the a file call default-ssl.conf
inside this file I have make some change

ServerName domain.com:443
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain.com.csr
SSLCertificateKeyFile /etc/apache2/ssl/domain.com.key
SSLCertificateChainFile /etc/apache2/ssl/bundle-g2-g1.crt

I have try “SSLCertificateFile” with “/etc/apache2/ssl/62gyg787t86.crt” but nothing happen

and after all this process I reload apache
but my SSL does not work any idea why?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
5 answers

Please follow these steps from the beginning

step 1 :
take a backup of your 000-default.conf
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.bkp

step 2:
create a file in /etc/apache2/sites-available directory with your sitename.conf
touch /etc/apache2/sites-available/example.com.conf

step 3: enable your site
a2ensite example.com
or
a2ensite example.com.conf

step 4
delete all content of 000-default.conf and put these code

<VirtualHost *:443>
        ServerAdmin admin@example.com
        DocumentRoot /var/www/html
        ServerName example.com
        ServerAlias www.example.com
        SSLEngine on
        SSLCertificateFile /address/of/your/certificate.crt
        SSLCertificateKeyFile /address/of/your/keyfile.key
        SSLCACertificateFile /address/of/your/certificate_chain_file.crt
        <Directory /var/www/html>
        Options FollowSymLinks
        AllowOverride All
        </Directory>
</VirtualHost>

<VirtualHost *:80> 
    ServerName example.com
    ServerAlias www.example.com 
    Redirect permanent / https://www.example.com
</VirtualHost>

step 5
apachectl configtest

Step 6
restart apache

This works for me in Apache 2.4.12

SSLEngine On
SSLOptions +StrictRequire
SSLCertificateFile /etc/apache2/ssl/godaddy.crt
SSLCertificateKeyFile /etc/apache2/ssl/new.key
SSLCACertificateFile /etc/apache2/ssl/gd_bundle-g2-g1.crt

Have you tried this:

a2enmod ssl; service apache2 restart

Also, you should have created a new key, built a new CSR, then pasted the CSR in GoDaddy to get the proper certificate.

to create a new key:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout /etc/ssl/private/new.key

Then, you grab the CSR:

cat CSR.csr

input it into GoDaddy, generate the new certificate, import it into the server (I’d place it in /etc/ssl/certificates/new.crt), then use this config:

ServerName domain.com:443
SSLEngine on
SSLCertificateFile /etc/ssl/certificates/new.crt
SSLCertificateKeyFile /etc/ssl/private/new.key
SSLCertificateChainFile /etc/apache2/ssl/bundle-g2-g1.crt

I have the same issue, I have completely done as discussed above. but I am unable to open site with https:

After install SSL certificate apache2 is not restart , I got the error
ubuntu@ip-172-31-7-61:/etc/apache2$ sudo service apache2 restart

  • Restarting web server apache2 (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443 Apache needs to decrypt your SSL Keys for movingscenes.com:443 (RSA) Please enter passphrase:Action ‘start’ failed. The Apache error log may have more information. [fail] ubuntu@ip-172-31-7-61:/etc/apache2$

Please help me , Please.
Thanks

Submit an Answer