How to Enable HTTPS on Your Apache Ubuntu Web Server


I thought this is an easy task, but after searching for various ways on the internet, it is not as simple as I imagined. There are many ways to enable HTPPS on your web server depending on what server software is used, the operating system, and where the server is running.

In my case, I will write how to enable HTTPS web server using Apache on Ubuntu Linux operating system. Here I use Oracle Cloud Compute so there is a special step that needs to be done because by default port 443 is not in iptables. This tutorial is for Apache on Ubuntu, not limited to Oracle Cloud, if your server is not on Oracle Cloud, you can skip this step and still continue. 🙂

There are three steps that need to be done here.

  • Open port 443 (usually it’s disabled)
  • Setting up Apache for HTTPS
  • Create certificate signed by Certificate Authority CA

You may ask why the certificate doesn’t just use one from OpenSSL? It’s easy to create one by using only one command line.

the answer: Apparently I have tried a self-signed certificate, but when Google Chrome opens my site, it is still considered a dangerous site. Why? Because the certificate that we have is not signed by a trusted Certificate Authority. Therefore we must have a certificate signed by CA as a trusted third party.

Enabling HTTPS on Oracle Cloud Compute

It turns out that no special way is needed to turn on HTTPS on a server running on Oracle Cloud Compute. But make sure you have turned on the Apache HTTP Web Server using the guidelines here.

These guidelines are for HTTP only. For HTTPS you need to add one more step when setting up the iptables firewall by opening port 443 as follows.

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo netfilter-persistent save

Enabling HTTPS on Apache2

Enable Apache SSL and rewite modules

a2enmod ssl
a2enmod rewrite

Edit the Apache configuration file.

vi /etc/apache2/apache2.conf

Add the following lines at the end of this file.

<Directory /var/www/html>
AllowOverride All
</Directory>

Now let’s create a directory for the certificate.

mkdir /etc/apache2/certificate

Edit the Apache configuration file for the default website.

vi /etc/apache2/sites-enabled/000-default.conf

We will also redirect the HTTP to HTTPS.

<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</virtualhost>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/certificate/fullchain.pem
        SSLCertificateKeyFile /etc/apache2/certificate/privkey.pem
</VirtualHost>

We’ve done setting up the Apache. Now let’s create the certificate.

Generate SSL Certificate

We will use Certbot from Let’s Encrypt to generate our signed certificate.

Install certbot via snapd.

sudo apt install snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create the certificate, for example, our site domain is yourdomain.com. This will create a wildcard certificate valid for all subdomains for yourdomain.com.

sudo certbot certonly --manual --preferred-challenges=dns --email admin@yourdomain.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.yourdomain.com

After that, you will be asked some questions, and they will give you a DNS TXT record challenge.

Just create a DNS TXT record under the name _acme-challenge.yourdomain.com on your domain hosting, then add the TXT record they provided.

After that, press enters to verify the domain. Once were receive the success verification message, the key and certificate will be created in this location.

/etc/letsencrypt/live/your_domain/fullchain.pem
/etc/letsencrypt/live/your_domain/privkey.pem

We need to move the certificate to the Apache certificate directory.

mv /etc/letsencrypt/live/your_domain/*.pem /etc/apache2/certificate/

Finish! Now restart the Apache.

service apache2 restart

Visit your site using HTTPS, it should be working right now! 🙂

References:


Leave a Reply

Your email address will not be published.