How to Install SSL Certificate on Apache2 Ubuntu 18.04 LTS Server?

With Google’s recent announcement,  earlier this year, Google will flag all HTTP:// ( without SSL certificate ) website as unsafe.  This means if your website doesn’t have the SSL certification installed then your website will show ‘Not Secure’ in the URL bar on the Chrome browser.

This reduces the trust of your visitors when they will see Not Secure alert in front of your website URL.  Google giving the priority of HTTPS-based website than HTTP. So website having an SSL certification rank above HTTP. 
Installing an SSL certificate is very easy using cPanel, as it provides an easy tool for SSL installation. But it is not that easy when you have SSH based server management platform like AWS EC2. 

To install SSL certificates on Ubuntu 18.04 server with Apache2, we have to follow the following steps : 

Step 1: Copy your SSL certificate files to the server

1. Download your Intermediate Certificate (CertificateAuthorityIntermediate.cert) 
2. SSL Certificate (Your_Domain.cert) 
3. Your domain key file (Your_Domain.key)
   Key file that you’re generated while creation of the CSR

Copy these three files to secure area in your server /etc/apache2/ssl folder. And set the permission of ssl folder to 600

 ~sudo chmod -R 600 ssl 

Step2 : Ensure that the Apache SSL module is enabled. 

Run below command to enable SSL module

 ~sudo a2enmod ssl

Step 3: Locate & Open your website Apache configuration file

Generally, Apache website configuration file can be found over here  

/etc/apache2/site-available/your_website.conf   

You can add SSL configuration to the same configuration file by creating separate <VirtualHost *:443> block Or you can use the default-ssl.conf file if exist or Create a new one. 

To create a separate conf file.. YOUR_WEBSITE_SSL.conf 

1. Run following command ~sudo vim your_website_ssl.conf
2. Save the empty file: wq 
3. Enable the new configuration file ~sudo a2ensite your_website.conf 
4. Restart the Apache2  – 

 ~sudo systemctl reload apache2 

OR

~sudo systemctl restart apache2

A new file empty configuration file has been created. 

Step4: Add SSL configuration to your config file. 

Find port 443 VirtualHost configuration block in your existing config file and  Copy and paste the following SSL configuration code :

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/Your_Domain.cert
SSLCertificateKeyFile /etc/apache2/ssl/Your_Domain.key
SSLCertificateChainFile /etc/apache2/ssl/CertificateAuthorityIntermediate.cert

Explanation :
SSLCertificateFile is your certificate file
SSLCertificateKeyFile is the key file that you generated while creating the CSR
SSLCertificateChainFile is the Certificate Authority intermediate certificate file

For new SSL config file you can copy below code and paste  it : 

<IfModule mod_ssl.c>
   <VirtualHost _default_:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/Your_Domain.crt
        SSLCertificateKeyFile /etc/apache2/ssl/Your_Domain.key
        SSLCertificateChainFile /etc/apache2/ssl/CertificateAuthorityIntermediate.crt

        DocumentRoot /var/www/html
        <Directory /var/www/html>
          AllowOverride None
          Order Allow,Deny
          Allow from All
       </Directory>

       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
</IfModule>

Note : Above configuration based on our example website, it can be different for your website. 

Step 5: All done! Restart Apache2 to view your HTTPS-based website