Apache HTTP Server is an open-source web server software that is fast, reliable, and secure. It can be highly customized to meet the needs of many different environments by using extension modules and scripts. One of the most common modules used is the mod_ssl module which provides necessary support for SSL and TLS protocols.
SSL/TLS is a protocol used to secure and encrypt communication between computers. In web servers and hosting, it’s used to secure data transfer between the server and the client (browser). When SSL is enabled and configured on your server, it changes the HTTP to HTTPS, indicating that a secure connection is in place.
In this tutorial, we will learn how to enable the mod_ssl Apache module on Ubuntu Linux OS.
This tutorial is designed for webmasters and website administrators who have a basic understanding of how web servers work. It’s also beneficial if you have some experience with command-line operations in Linux, as we’ll be using the terminal to execute commands.
Let’s get started!
Before we start, you need to have the following:
- A Ubuntu server: You can use a dedicated server, VPS server, or a cloud hosting service. The choice depends on your preference, budget, and level of comfort with managing servers.
- Apache installed: If you haven’t installed Apache yet, you can follow our guide on the Apache HTTP Server Installation.
- Terminal access: You need to be able to log in to your server’s terminal. This can be done directly if you’re using a dedicated server, or via SSH if you’re using a remote server.
- Sudo privileges: The account you’re using to log in to the server needs to have sudo privileges so that you can perform administrative tasks.
Once you have these in place, we can proceed with the tutorial.
Step 1: Update Your Server
The first step is to ensure that your server is up-to-date. You can do this by running the following commands:
sudo apt-get update sudo apt-get upgrade
These commands will update the package lists for upgrades and new package installations, and install the newest versions of all packages currently installed on your system.
Step 2: Install mod_ssl
The next step is to install the mod_ssl module. This can be done using the following command:
sudo apt-get install libapache2-mod-ssl
This command will install the mod_ssl module along with its dependencies.
Step 3: Enable mod_ssl
After the installation is complete, you need to enable the mod_ssl module. This can be done using the following command:
sudo a2enmod ssl
The a2enmod command is used to enable Apache modules.
Step 4: Set Up SSL Certificate
Once the mod_ssl module is enabled, the next step is to set up an SSL certificate. For the purpose of this tutorial, we will create a self-signed certificate. This type of certificate is fine for testing purposes or for internal use, but for a public website, you should consider getting a certificate signed by a trusted certificate authority.
You can create a self-signed certificate using the openssl command as follows:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
This command will create a new RSA key and a self-signed certificate valid for 365 days. The key will be stored in the file /etc/ssl/private/apache-selfsigned.key and the certificate in the file /etc/ssl/certs/apache-selfsigned.crt.
During the execution of this command, you will be asked several questions about your server and your organization. The most important question is “Common Name (e.g. server FQDN or YOUR name)”. Here you should enter the domain name of your server or, if you don’t have one, your server’s public IP address.
Step 5: Configure Apache to Use SSL
Now that you have your SSL certificate, you need to configure Apache to use it. This involves editing the default SSL configuration file.
First, open the file with a text editor. In this example, we’ll use nano:
sudo nano /etc/apache2/sites-available/default-ssl.conf
In this file, look for the lines that start with SSLCertificateFile and SSLCertificateKeyFile. Replace them with the following lines:
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
These lines tell Apache where to find the SSL certificate and the private key.
Step 6: Enable the SSL Site
The next step is to enable the SSL site. This can be done using the a2ensite command as follows:
sudo a2ensite default-ssl
The a2ensite command is used to enable Apache sites.
Step 7: Restart Apache
Finally, for the changes to take effect, you need to restart Apache. This can be done using the following command:
sudo systemctl restart apache2
Congratulations! You have successfully enabled the mod_ssl Apache module on your Ubuntu server. Your server is now capable of serving websites over HTTPS, providing a secure connection for your users.
In this tutorial, we’ve walked through the process of enabling the mod_ssl Apache module on Ubuntu. This module is crucial for securing your web server and ensuring that data transferred between the server and client is encrypted. While the process may seem complex, it’s actually quite straightforward when broken down into individual steps. By following this guide, even beginners should be able to secure their Apache server with SSL.
Remember, while a self-signed certificate is fine for testing purposes or internal use, for a public website, you should consider getting a certificate signed by a trusted certificate authority. This ensures that your users’ browsers will trust your site and not display any warning messages.
For more information on different types of web servers, you can visit our guide on the best web servers.
If you have any questions or run into any issues, feel free to ask for help. There’s a large and active community of Apache users who can provide assistance.
Good luck with your Apache server!
- sudo apt-get update – Updates the package lists for upgrades and new package installations.
- sudo apt-get upgrade – Installs the newest versions of all packages currently installed on the system.
- sudo apt-get install libapache2-mod-ssl – Installs the mod_ssl module along with its dependencies.
- sudo a2enmod ssl – Enables the mod_ssl module.
- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt – Creates a new RSA key and a self-signed certificate valid for 365 days.
- sudo nano /etc/apache2/sites-available/default-ssl.conf – Opens the default SSL configuration file in a text editor.
- sudo a2ensite default-ssl – Enables the SSL site.
- sudo systemctl restart apache2 – Restarts Apache.
What is the mod_ssl Apache module?
The mod_ssl module provides support for SSL and TLS protocols on the Apache web server. It allows the server to serve sites over HTTPS, providing a secure connection for users.
What is a self-signed SSL certificate?
A self-signed SSL certificate is a certificate that is not signed by a trusted certificate authority. Instead, it is signed by the server that generated it. While it provides the same level of encryption as a certificate signed by a trusted authority, it is not trusted by browsers and will usually trigger a warning message. It’s fine for testing purposes or for internal use, but for a public website, a certificate signed by a trusted authority is recommended.
Why do I need to restart Apache after enabling mod_ssl?
Restarting Apache ensures that the server picks up any changes you’ve made to its configuration files. When you enable mod_ssl, you’re making changes to Apache’s configuration. By restarting the server, you’re making sure that these changes are applied.
What is the difference between HTTP and HTTPS?
HTTP stands for Hypertext Transfer Protocol, and it’s the protocol used for transferring data over the internet. HTTPS stands for HTTP Secure. It’s the same as HTTP, but it uses an SSL certificate to encrypt the data that is transferred between the server and the client. This makes it much more secure.
What does the a2enmod command do?
The a2enmod command is used to enable Apache modules. The name stands for “Apache 2 enable module”. When you run this command followed by the name of a module, it enables that module.