How to Install SSL Certificate on Ubuntu | Apache & Nginx

1

With the constant increase in security standards of the web and recommendation by Google, it is kind of important to have an SSL Certificate for your website. It is not mandatory yet but soon it will be.

FYI: If you are using the latest version of Mozilla Firefox, Google Chrome etc., then if you are visiting login or registration page you will see a “Not Secure” dialog if the site is not accessed bu https.

As far as we know Ubuntu is the most commonly used operating system by developers to host their websites on the internet. So we have decided to compile a tutorial mainly focused on Ubuntu. Commands may be similar or different for other Linux distributions so make sure to check out official documentation or other tutorials.

So without wasting any more of your time, let’s get started with the installation of an SSL Certificate on your Ubuntu Server.

How to Install SSL Certificate on Ubuntu

Apache2 & Nginx are the most commonly used on Ubuntu. There are three ways in which these are usually configured:

  1. Only Apache2 as Web Server (Most Compatible)
  2. Only Nginx as Web Server (High Performance but Less Compatibility)
  3. Apache2 as Web Server and Nginx as a Reverse Proxy (Balanced & Commonly Used Nowadays)

In the first case, you will need to configure SSL in Apache2 configurations. However, in the other two cases, it will be configured in Nginx configurations. We will cover both of them here but this is just to let you know what to do in such cases.

Obtaining an SSL Certificate on Ubuntu

The first and foremost thing to do before proceeding is to get an SSL certificate for your website and domain. There are several types of SSL certificates as well as lots of SSL Certificate Providers. If you do not own an SSL Certificate already then we suggest you try a basic package like this one. It will make the whole process quick, painless and easy.

After you purchase an SSL certificate you will be provided many files including .crt, .pem, .key and several others for different purposes. Make sure to save them to a secure location because you may need it in the future while configuring the server.

If you only need an SSL Certificate for local development and testing then you can generate a certificate with this command on Ubuntu. Kindly note that this will throw a security error since it is self-signed and is not liable for any loss. So don’t use it on a publicly accessible website.

Steps to Generate Self Signed Certificate

Generate Self Signed Certificate OpenSSL

  1. Create a directory using “sudo mkdir /etc/apache2/ssl”. You can change to path to anything you want.
  2. Similarly, use this command to generate SSL certificate (Use Your Path)”sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt” Read more about OpenSSL command here
  3. After you execute the command you will be asked to enter

Installing the SSL Certificate on Ubuntu

As we mentioned previously in the article, SSL can be installed in Apache as well as Nginx. Kindly refer that section to know which one is for you.

Amazon Prime

On Apache2

Note: Before you edit any of the apache2 settings, gather basic knowledge about how this works. Any misconfiguration will prevent apache2 from starting again and performing efficiently.

  1. Enable SSL on apache2 using “sudo a2enmod ssl”.
  2. Now restart apache2 to recognize the configuration change using “sudo service apache2 restart”
  3. All the apache2 sites configuration are stored at “/etc/apache2/sites-available/”
  4. If you have not created a .ssl.conf for your site then create it and copy all the configuration from the .conf file of your site.
  5. Now in the .ssl.conf file change port from 80 to 443 and add these lines in the configuration.SSLEngine on
    SSLCertificateFile {absolute-path-to-certificate-crt-file}
    SSLCertificateKeyFile {absolute-path-to-certificate-key-file}*Replace the path with the path of certificate files on your server.
  6. Activate the configuration using “sudo a2ensite {your-site}.ssl.conf”.
  7. Restart apache2 server for changes to take effect “sudo service apache2 restart”.

On Nginx

Note: Before you edit any of the Nginx settings gather basic knowledge about how this works. Any misconfiguration will prevent Nginx from starting again and performing efficiently.

  1. All the apache2 sites configuration are stored at “/etc/nginx/sites-available/”
  2. Open the configuration file for your site and add these lines to the server block.Add “listen 443 ssl;” after the last listen line at the top of your file. This will make sure that nginx listens to the port 443 from now on. Now below the server_name line, add these: ssl_certificate {absolute-path-to-certificate-crt-file};
    ssl_certificate_key {absolute-path-to-certificate-key-file};*Replace the path with the path of certificate files on your server.
  3. Restart the nginx server using “sudo service nginx restart” for changes to take effect.

Now you can access your website via https://your-site-url-or-ip

Fixing Common SSL Certificate Errors

1 – The site’s security certificate is not trusted

The Site's Security Certificate is Not Trusted

If you get an error like “The site’s security certificate is not trusted” then here is how to fix it. You will generally see this error on a self-signed certificate. You can also see this type of error if the certificate issuing authority is not recognized or your certificate is expired and several other reasons.

The first this is to find out the error. You can do so by going to browser tools -> developer tools. Now click on the security tab.

Chrome Developer Tools - Security Tab

Now click on view certificate. There you will find all the information. Check out other tabs also and look out for anything suspicious.

SSL Certificate Information

2 – Your Connection is Not Private

Your Connection is Not Private

This can happen due to several reasons like incorrect system date on your computer, network limitation, access limitation, firewall/antivirus conflict.

To fix this first check out the error code as it will make the whole process a lot easier. Here are some common errors and fixes:

ERR_CERT_AUTHORITY_INVALID: In this case, there is an issue with the authority of SSL issuer. Contact your SSL Certificate provider immediately.

ERR_CERT_COMMON_NAME_INVALID: The domain or subdomain that you are visiting is not included in the SSL certificate. For example, SSL certificate is for www.techrrival.com and you are visiting tools.techrrival.com. To fix this ask your SSL provider to include the necessary subdomains in the certificate.

ERR_CERT_DATE_INVALID: This occurs due to incorrect date configuration on your computer or if your SSL certificate has expired. Check and fix the issue.

Although we have covered the most commonly occurring SSL certificate errors, but if you encounter anything new we will be glad to include here in this tutorial.

So that was all on how to install SSL certificate on your Ubuntu server or computer. If you get stuck of any of the steps or want a detailed explanation of what we did in this tutorial then free feel to ask us in the comment section below.

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here