Loading...Step-by-step guide to secure your Apache server with HTTPS using an SSL certificate
If you’re looking to install an SSL certificate on Apache and enable HTTPS, you’re in the right place. Whether you’re managing a Linux server, using cPanel hosting, or working through OpenSSL, this guide walks you through everything needed to secure your website with HTTPS.
We’ll show you how to:
- Generate a private key and CSR using OpenSSL
- Common configuration steps required on any Apache server
- Install an SSL certificate via CLI/Linux, cPanel, and OpenSSL-based installs
- Configure Apache for HTTPS
Generating a CSR and Private Key Using OpenSSL
If you’re starting from scratch and don’t have a private key or CSR yet, you can use OpenSSL — a powerful toolkit available on most Linux servers by default.
Step 1: Connect to Your Server
SSH into your Apache server:
Step 2: Run the OpenSSL Command
Use this command to generate both your private key and CSR:
Here’s what each part does:
- -newkey rsa:2048: Generates a 2048-bit RSA private key
- -nodes: Skips password protection on the key (Apache needs an unencrypted key)
- -keyout private.key: Saves the private key to a file
- -out your_domain.csr: Saves the CSR to a file
Step 3: Fill In CSR Details
When prompted, enter the following details:
| Field | Description |
| Country Name | Two-letter country code (e.g. US, RO) |
| State or Province | Full name (e.g. California) |
| Locality | City name |
| Organization Name | Your company’s legal name |
| Organizational Unit | Department (optional) |
| Common Name | Your domain name (e.g. yourdomain.tld) |
| Email Address | Optional but recommended |
After completion, you’ll have:
- private.key – your private key
- your_domain.csr – your CSR
You’ll use the CSR to request an SSL certificate from a Certificate Authority (like cheapsslsecurity.com)
!Keep the private.key secure — you’ll need it when configuring Apache!
After your SSL certificate provider has issued your certificate, you’re ready to proceed to the next step.
Common Apache Configuration Requirements (All Environments)
Let’s first cover some universal configuration steps that apply regardless of your server’s operating system:
Place these files on your server:
sudo mv your_domain.crt /etc/ssl/certs/
sudo mv ca_bundle.crt /etc/ssl/certs/
sudo chmod 600 /etc/ssl/private/private.key
Note: If your CA provides multiple intermediate certificates, combine them:
Then reference ca_bundle.crt in your Apache config as the SSLCertificateChainFile.
Edit the Apache Virtual Host File
Don’t skip this part — you’ll need to edit your Apache virtual host file to point to your SSL certificate files. HTTPS won’t work until this is configured:
ServerName yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/your_domain.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Apache SSL Installation by Environment
On Debian/Ubuntu (Command Line)
Where to edit configuration:
Enable SSL & the site:
sudo a2ensite yourdomain-ssl.conf
sudo systemctl reload apache2
Redirect HTTP to HTTPS (optional):
To redirect HTTP to HTTPS, you’ll need to edit your separate virtual host for port 80. Add the bolded line to your existing *.80 virtual host.
ServerName yourdomain.tld
Redirect permanent / https://yourdomain.tld/
</VirtualHost>
On CentOS/RHEL/AlmaLinux/Rocky
Suggested structure:
sudo nano /etc/httpd/sites-available/yourdomain-ssl.conf
ln -s /etc/httpd/sites-available/yourdomain-ssl.conf /etc/httpd/sites-enabled/yourdomain-ssl.conf
Add this to /etc/httpd/conf/httpd.conf if not already there:
Restart Apache:
On cPanel Hosting
- Log into cPanel
- Go to SSL/TLS > Manage SSL Sites
- Choose your domain
- Paste or upload:
- The certificate (.crt)
- Private key (.key)
- CA bundle (optional, but recommended)
- Click Install Certificate
- (Optional) Enable HTTPS redirect under Domains by toggling “Force HTTPS”
On Generic Linux / Manual Apache Config
If your system doesn’t use a2ensite or pre-defined site folders, you can manually edit your Apache config:
Edit Apache’s main config file (commonly one of these):
sudo nano /etc/apache2/apache2.conf # Debian-based
sudo nano /usr/local/apache2/conf/httpd.conf # Source-based installs
Add your SSL VirtualHost:
ServerName yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/your_domain.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combined
</VirtualHost>
/
Restart Apache:
Final Checks
Whether you installed via CLI or cPanel, you can test your HTTPS setup with:
- SSL Labs Test
- Padlock icon in browser
- HTTP redirects working properly
Troubleshooting Tips
| Problem | Fix |
| “Private key mismatch” | Ensure the certificate matches the original private key |
| No padlock or insecure warning | Check if CA bundle is installed correctly |
| Permission errors in CLI | Make sure private key has 600 permissions and root-only access |
| cPanel won’t install cert | Use the “Autofill by Domain” button to populate fields correctly |
You’re HTTPS-Ready!
You’ve now installed an SSL certificate on Apache — whether you’re using command-line or cPanel. HTTPS is no longer optional. It protects your users, builds trust, and even helps your SEO rankings.
Need an SSL Certificate?
We’re happy to offer you the best solutions at the most pleasant prices — explore top options from trusted Certificate Authorities on SSL Certificate Brands page.
