Question

SSL certificate is acquired but not is not showing

Posted January 28, 2020 105 views
Apache

Hi all,

I’m new to web development and I recently added an SSL certificate in my DO account for my website.

What do I do now? I’ve been looking around the web and I can’t seem to find a definitive answer that applies to my problem.

Basically my website is http://example.com and I want https://example.com to replace this http one. I’ve acquired an SSL certificate but how to apply it to my domain? I have a Fingerprint (SHA1) code - does this go somewhere?

Some suggested that it’s though .htaccess but others say you do it through the terminal.

How can I get my https to work?

Thanks!
Jonny

Add a comment
jonathandouglas
By:
jonathandouglas
edited by MattIPv4
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
alexdo January 29, 2020

Hello, @jonathandouglas

There are a few things that you need to do in order to install the SSL Certificate on your droplet.

I assume that you’re using Ubuntu droplet with Apache running as the web server so I’ll try to explain how to install the SSL on this platform.

You need to make sure that port 443 (https) is open before you go with the install. First you can check if your Firewall is enabled/running with the following command:

sudo ufw status

If it’s enabled you will see the following output:

Status: active and if not the output will be: inactive

To additionally let in HTTPS traffic, we can allow the “Apache Full” profile and then delete the redundant “Apache” profile allowance:

sudo ufw allow 'Apache Full'

sudo ufw delete allow 'Apache'

you can also use:

sudo ufw allow 443

If ufw is not enabled you can enable it with the following command:

sudo ufw enable

and then run the commands from above and then disable it once you’re done

sudo ufw disable

You can upload your SSL files in the /etc/ssl directory, this is where the SSL files are stored by default, so uploading them there is considered as best practices.

Once this is done you need to alter the Apache virtual configuration file for your domain name and make sure that the SSL files are loaded. You need to either adjust or create a virtual host for port 443, e.g

<VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

By default the apache configuration files should be stored in /etc/apache2/sites-available and they should have symlinks in /etc/apache2/sites-enabled as well so this is where you should check for your Virtual Host file.

You need to edit the SSLCertificateFile and SSLCertificateKeyFile rows and update them to point with the full path to the SSL files you’ve uploaded earlier in /etc/ssl directory.

You can use this tutorial for help as well:

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-18-04

However you should only look for the steps and not to generate and install the Self-signed SSL, because you already have one.

You can check this one as well:

https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority

Let me know how it goes.

Regards,
Alex

How To Install an SSL Certificate from a Commercial Certificate Authority
by Mitchell Anicas
This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The...
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help