SSL Certificates with Apache on Debian & Ubuntu

Configure Apache to use the SSL Certificate

  1. Edit the virtual host configuration files located in /etc/apache2/sites-available to provide the certificate file paths. For each virtual host, replicate the configuration shown below. Replace each mention of with your own domain. You will also need to ensure that the SSLCACertificateFile value is configured to point to the ca-certificates.crt file updated in the previous step:

file: /etc/apache2/sites-available/

<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/
SSLCertificateKeyFile /etc/ssl/private/
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt #If using a self-signed certificate, omit this line

ServerAlias #If using alternate names for a host
DocumentRoot /var/www/html/
ErrorLog /var/www/html/
CustomLog /var/www/html/ combined

  1. Ensure that the Apache SSL module is enabled, and enable the virtualhost configuration:
    a2enmod ssl
  2. Restart Apache:
    service apache2 restart
  3. If troubleshooting issues, a system reboot may be required.

Test Your Configuration

After configuration, some browsers may display the site correctly although errors still exist. Test your SSL configuration using the test page at your certificate issuer’s website, then perform the following steps.

  1. Check for errors using openssl s_client:
    openssl s_client -CApath /etc/ssl/certs/ -connect