Neil Reyes

Photo by madartzgraphics

How To Install an SSL Certificate to Digital Ocean (Ubuntu Apache)

How To Install an SSL Certificate to Digital Ocean (Ubuntu Apache)

Requirements:

  1. Digital Ocean account
  2. Domain Name
  3. SSL Certificate

Create a folder for your keys and certificates

mkdir /etc/apache-sp/appname

Generate a CSR and Private Key

Navigate to the newly created directory
cd /etc/apache-sp/appname
Then generate a CSR and Private Key with the command below:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr
You will be ask to answer various questions:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:sammy@example.com
Now you need to copy the generated CSR code using this command:
cat yourdomain.com.csr

Purchase an SSL Certificate

In this case you need to purchase SSL certificate in this link.

Installing SSL certificate on your Digital Ocean server

Download certificates and upload it to the directory that we created earlier – /etc/apache-sb/appname/. You should have 4 files within that directory:

1. The certificate signing request (CSR): yourdomain.com.csr
2. The private key: yourdomain.key
3. The SSL certificate: yourdomain_com.crt
4. The CA intermediate certificate: yourdomain_com.ca-bundle

Enabling SSL certificate

We will need to edit Apache’s configuiration file to enable the SSL. The config files are located on /etc/apache-sp/vhosts.d folder, run the command below to navigate to the directory:
cd /etc/apache-sp/vhosts.d/
Edit the config file related to your app or website. Run the comman to open and edit the file appname.conf
vi appname.conf
This will open the text editor in your console/terminal where you are going to edit few lines:

    Define DOCUMENT_ROOT /srv/users/serverpilot/apps/appname/public

    SSLEngine on

    SSLCertificateFile /etc/apache-sp/certs/appname/appname_com.crt
    SSLCertificateKeyFile /etc/apache-sp/certs/appname/appname.com.key
        SSLCertificateChainFile /etc/apache-sp/certs/appname/appname_com.ca-bundle

    ServerAdmin webmaster@
    DocumentRoot ${DOCUMENT_ROOT}
        ServerName appname
    ServerAlias appname.com
    ServerAlias www.appname.com


    RemoteIPHeader X-Real-IP
    SetEnvIf X-Forwarded-SSL on HTTPS=on
    IncludeOptional /etc/apache-sp/vhosts.d/appname.d/*.conf

    ErrorLog "/srv/users/serverpilot/log/appname/https_appname_apache.error.log"
    CustomLog "/srv/users/serverpilot/log/appname/https_appname_apache.access.log" common
Save the file and restart Apache on your server:
sudo service apache-sp restart
🙌 That’s it! You’re website/app is now certified and secure!