SSl installation and configuration on ubuntu 14.04


I purchased ssl certificate from and am trying to install it on my droplet, here what I did:

  • I generated CSR with common-name= as described in digitalocean tutorials.
  • I purchased the certificate for
  • I downloaded 3 files from networksolutions: - WWW-MYDOMAIN-COM.crt - AddTrustExternalCARoot.crt - NetworkSolutionsDVServerCA.crt
  • I went to /etc/apache2/site-available/default-ssl.conf and edited the following: - SSLEngine on - SSLCertificateFile /etc/apache2/ssl/WWW.MYDOMAIN.COM.crt - SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key - Added ServerName
  • SSl enable
  • Apache2 restart

But it is not working, what did I miss?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

That’s because your SSL certificate is valid only for and not I would contact Network Solutions (or whoever your SSL issuer is) and see if you can reissue your certificate so that it works on (If that’s possible, take a backup of your current SSL certificate, and regenerate the CSR with “” as the Common Name, not “”).

Oh! ok guys I found my mistake: i changed the order of https rule in iptables to be before drop rule. <br> <br>But, now I get SSL connection error in browser!! and there is nothing in error.log too <br> <br>thank you Kamal for putting me in the right direction, but do u know what might cause SSL connection error? <br>

<Netstat output> <br> <br>root@fansepublic:/etc# sudo netstat -plutin <br>Kernel Interface table <br>Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg <br>eth0 1500 0 2100052 0 0 0 188399 0 0 0 BMRU <br>lo 65536 0 25507 0 0 0 25507 0 0 0 LRU <br> <br><iptables output> <br> <br>root@fansepublic:/etc# sudo iptables-save <br># Generated by iptables-save v1.4.21 on Tue May 27 12:58:06 2014 <br>*filter <br>:INPUT ACCEPT [0:0] <br>:FORWARD ACCEPT [0:0] <br>:OUTPUT ACCEPT [47745:20516892] <br>:fail2ban-ssh - [0:0] <br>-A INPUT -i lo -j ACCEPT <br>-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh <br>-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 4268 -j ACCEPT <br>-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT <br>-A INPUT -j DROP <br>-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT <br>-A fail2ban-ssh -j RETURN <br>COMMIT <br># Completed on Tue May 27 12:58:06 2014