How To Install an SSL Certificate to Digital Ocean (Ubuntu Apache)
How To Install an SSL Certificate to Digital Ocean (Ubuntu Apache)
Requirements:
Create a folder for your keys and certificates
mkdir /etc/apache-sp/appname
Generate a CSR and Private Key
Navigate to the newly created directory
cd /etc/apache-sp/appnameThen generate a CSR and Private Key with the command below:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csrYou will be ask to answer various questions:
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:sammy@example.comNow you need to copy the generated CSR code using this command:
cat yourdomain.com.csr
Purchase an SSL Certificate
In this case you need to purchase SSL certificate in this link.
Installing SSL certificate on your Digital Ocean server
Download certificates and upload it to the directory that we created earlier – /etc/apache-sb/appname/. You should have 4 files within that directory:
1. The certificate signing request (CSR): yourdomain.com.csr
2. The private key: yourdomain.key
3. The SSL certificate: yourdomain_com.crt
4. The CA intermediate certificate: yourdomain_com.ca-bundle
Enabling SSL certificate
We will need to edit Apache’s configuiration file to enable the SSL. The config files are located on /etc/apache-sp/vhosts.d folder, run the command below to navigate to the directory:
cd /etc/apache-sp/vhosts.d/Edit the config file related to your app or website. Run the comman to open and edit the file appname.conf
vi appname.confThis will open the text editor in your console/terminal where you are going to edit few lines:
Define DOCUMENT_ROOT /srv/users/serverpilot/apps/appname/public
SSLEngine on
SSLCertificateFile /etc/apache-sp/certs/appname/appname_com.crt
SSLCertificateKeyFile /etc/apache-sp/certs/appname/appname.com.key
SSLCertificateChainFile /etc/apache-sp/certs/appname/appname_com.ca-bundle
ServerAdmin webmaster@
DocumentRoot ${DOCUMENT_ROOT}
ServerName appname
ServerAlias appname.com
ServerAlias www.appname.com
RemoteIPHeader X-Real-IP
SetEnvIf X-Forwarded-SSL on HTTPS=on
IncludeOptional /etc/apache-sp/vhosts.d/appname.d/*.conf
ErrorLog "/srv/users/serverpilot/log/appname/https_appname_apache.error.log"
CustomLog "/srv/users/serverpilot/log/appname/https_appname_apache.access.log" common
Save the file and restart Apache on your server:sudo service apache-sp restart🙌 That’s it! You’re website/app is now certified and secure!