Hello, @jonathandouglas
There are a few things that you need to do in order to install the SSL Certificate on your droplet.
I assume that you’re using Ubuntu droplet with Apache running as the web server so I’ll try to explain how to install the SSL on this platform.
You need to make sure that port 443 (https) is open before you go with the install. First you can check if your Firewall is enabled/running with the following command:
sudo ufw status
If it’s enabled you will see the following output:
Status: active and if not the output will be: inactive
To additionally let in HTTPS traffic, we can allow the “Apache Full” profile and then delete the redundant “Apache” profile allowance:
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'
you can also use:
sudo ufw allow 443
If ufw
is not enabled you can enable it with the following command:
sudo ufw enable
and then run the commands from above and then disable it once you’re done
sudo ufw disable
You can upload your SSL files in the /etc/ssl
directory, this is where the SSL files are stored by default, so uploading them there is considered as best practices.
Once this is done you need to alter the Apache virtual configuration file for your domain name and make sure that the SSL files are loaded. You need to either adjust or create a virtual host for port 443, e.g
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
By default the apache configuration files should be stored in /etc/apache2/sites-available
and they should have symlinks in /etc/apache2/sites-enabled
as well so this is where you should check for your Virtual Host file.
You need to edit the SSLCertificateFile and SSLCertificateKeyFile rows and update them to point with the full path to the SSL files you’ve uploaded earlier in /etc/ssl
directory.
You can use this tutorial for help as well:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-18-04
However you should only look for the steps and not to generate and install the Self-signed SSL, because you already have one.
You can check this one as well:
https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority
Let me know how it goes.
Regards,
Alex