SSl installation and configuration on ubuntu 14.04

Posted May 26, 2014 7.6k views
Hi, I purchased ssl certificate from and am trying to install it on my droplet, here what I did: - I generated CSR with common-name= as described in digitalocean tutorials. - I purchased the certificate for - I downloaded 3 files from networksolutions: - WWW-MYDOMAIN-COM.crt - AddTrustExternalCARoot.crt - NetworkSolutionsDVServerCA.crt - I went to /etc/apache2/site-available/default-ssl.conf and edited the following: - SSLEngine on - SSLCertificateFile /etc/apache2/ssl/WWW.MYDOMAIN.COM.crt - SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key - Added ServerName - SSl enable - Apache2 restart But it is not working, what did I miss? thanks,

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
10 answers
Make sure you also add in apache's config file:
SSLCertificateChainFile /path/to/your/CA.crt

And in CA.crt put contents of AddTrustExternalCARoot.crt and NetworkSolutionsDVServerCA.crt one after another.
@jerzy, did not work!

I also checked iptables and opened https port, still didn't work. please help! :)
Guys I am stuck here, I checked every tutorial on the internet, and its not working! any help will be much appreciated, Thanks
What's the domain? Do you get any errors?
Are you seeing any errors in /var/log/apache2/error.log ?
No errors in log file.

my domain is
hostname output is: fansrepublic
hostname -f output is: fansrepublic
in dns I set CNAME to: www : @

/etc/hosts content is: localhost fansepublic

I can open website, but not when I type https.

I don't know of this information is related, but maybe deserve mentioning

It looks like there's nothing listening on port 443. Can you pastebin the output of the following commands?
# List used ports

sudo netstat -plutn
# Output firewall rules
sudo iptables-save

root@fansepublic:/etc# sudo netstat -plutin
Kernel Interface table
eth0 1500 0 2100052 0 0 0 188399 0 0 0 BMRU
lo 65536 0 25507 0 0 0 25507 0 0 0 LRU

root@fansepublic:/etc# sudo iptables-save
# Generated by iptables-save v1.4.21 on Tue May 27 12:58:06 2014
:OUTPUT ACCEPT [47745:20516892]
:fail2ban-ssh - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4268 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A fail2ban-ssh -j RETURN
# Completed on Tue May 27 12:58:06 2014
Oh! ok guys I found my mistake: i changed the order of https rule in iptables to be before drop rule.

But, now I get SSL connection error in browser!! and there is nothing in error.log too

thank you Kamal for putting me in the right direction, but do u know what might cause SSL connection error?
That's because your SSL certificate is valid only for and not I would contact Network Solutions (or whoever your SSL issuer is) and see if you can reissue your certificate so that it works on (If that's possible, take a backup of your current SSL certificate, and regenerate the CSR with "" as the Common Name, not "").