

Create SSL Certificate for your domain/vhost on Debian

May 16, 2022

Setting up your domain in Apache is not a big deal at all. The same goes for the SSL certificate, which is usually configured in about 5 minutes.

Requirements

1. Example vhost file for our port 80

Your Apache vhost file should look something like this and already be working:

<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html/yourproject
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com

    Alias / "/var/www/html/yourproject/"

    <Directory /var/www/html/yourproject>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>
</VirtualHost>

2. Install Certbot

First install certbot if not done yet:

apt-get install certbot -y

3. Register certificate

Before we can register our certificate, shut down Apache, because certbot's standalone mode needs port 80 for its own temporary web server:

systemctl stop apache2

Now start the process:

certbot certonly --standalone -d yourdomain.com

The first time, you will be prompted for some additional information, like your email address. Fill in all the data and accept the TOS.

Your certificate is now ready to use.

4. Start apache again

To keep your downtime low, you can start Apache again right away:

systemctl start apache2

Don't forget to enable the ssl module for apache2:

a2enmod ssl

5. Adjust your vhost file

Let's edit your vhost file with nano:

cd /etc/apache2/sites-available/
nano yourdomain.com.conf

Your file should look like this. What we do is redirect all traffic on port 80 directly to port 443 SSL. Don't forget to add lines for SSLCertificateFile and SSLCertificateKeyFile.

<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@yourdomain.com
    DocumentRoot /var/www/html/yourproject
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com

    Alias / "/var/www/html/yourproject/"

    <Directory /var/www/html/yourproject>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>

    # SSLEngine defaults to off; without this line the vhost answers in plain HTTP on port 443
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>

6. Reload apache configuration

If Apache is still stopped at this point, a normal start is enough. If Apache is already running again, reload the config now:

systemctl reload apache2

If there are no errors, your domain should now be served over SSL.
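
The function below is an added example, not part of the original post: a check to run on the vhost file from step 5 before the reload. It flags a port-443 vhost that lacks SSLEngine on or the certificate pair, and a port-80 vhost that does not redirect to https. The names check_vhost_tls and sample_vhost and the sample file are constructed for illustration.

```shell
# Added example, not from the original post: lint a vhost file before reloading.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_vhost_tls() {
    awk '
    function bad(msg) { print msg; problems++ }
    function dir(p)   { sub("/[^/]*$", "", p); return p }
    { d = tolower($1) }                    # directive names are case-insensitive
    d ~ /^#/ { next }                      # skip comment lines
    d == "<virtualhost" {                  # e.g. <VirtualHost *:443>
        port = $2; sub(/^.*:/, "", port); sub(/>$/, "", port)
        engine = 0; redirect = 0; cert = ""; key = ""; seen[port] = 1
    }
    d == "sslengine" && tolower($2) == "on"          { engine = 1 }
    d == "sslcertificatefile"                        { cert = $2 }
    d == "sslcertificatekeyfile"                     { key = $2 }
    d == "redirect" && index($NF, "https://") == 1   { redirect = 1 }
    d == "</virtualhost>" {
        if (port == "443") {
            # SSLEngine defaults to off, so certificate lines alone do not enable TLS
            if (!engine) bad("443 vhost: SSLEngine on is missing")
            if (cert == "" || key == "") {
                bad("443 vhost: SSLCertificateFile or SSLCertificateKeyFile is missing")
            } else if (dir(cert) != dir(key)) {
                # heuristic: certbot keeps both files of one certificate in one directory
                bad("443 vhost: certificate and key are in different directories")
            }
        } else if (port == "80" && !redirect) {
            bad("80 vhost: no Redirect to an https:// URL")
        }
        port = ""
    }
    END { if (!("443" in seen)) bad("no vhost on port 443"); exit (problems > 0) }
    ' "$1"
}

# Constructed sample: step-5 layout with SSLEngine left out and no redirect on port 80.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName yourdomain.com
</VirtualHost>
<VirtualHost *:443>
    ServerName yourdomain.com
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>
EOF
}
```

Run it as check_vhost_tls /etc/apache2/sites-available/yourdomain.com.conf before the reload; no output and exit status 0 mean the checks passed.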
