# How to Install and Configure SSL Certificates in Apache?

This guide walks you through the complete process of setting up Apache with SSL (HTTPS) on an Ubuntu server. By the end, your Apache web server will be configured with a valid SSL certificate and ready to securely serve web traffic.

**Prerequisites**

* Ubuntu VM with root access (root password set)
* Ports 80 and 443 must be open in the Security Group

**Step 1: Run the following command to install Apache:**

```
apt install apache2
```

<figure><img src="https://2011575719-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVBa3yjTJ7LPbjby0TKRi%2Fuploads%2FoTUpcvXXCcapl4fw3nc5%2Funknown.png?alt=media&#x26;token=1224462f-d162-43db-923e-83cb95178d0b" alt=""><figcaption></figcaption></figure>

**Step 2: Enable Required Apache Modules**

Run the following commands to load the necessary modules:

```
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod headers
sudo a2enmod rewrite
```

<figure><img src="https://2011575719-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVBa3yjTJ7LPbjby0TKRi%2Fuploads%2FQEEl7QY1HBdHzWBtsNeO%2Funknown.png?alt=media&#x26;token=efad0f42-74db-4087-af29-a860604d5bb6" alt=""><figcaption></figcaption></figure>

**Step 3: Restart the Apache Service**

```
sudo systemctl restart apache2
```

<figure><img src="https://2011575719-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVBa3yjTJ7LPbjby0TKRi%2Fuploads%2F8Bvk8EEiaQUei0nBdUPg%2Funknown.png?alt=media&#x26;token=e755b312-9734-46c8-a0f5-191efe4eb2b9" alt=""><figcaption></figcaption></figure>

**Step 4: Verify Apache Installation**

* Open a browser and enter the server's IP address.
* You should see the Apache default page.
* Ensure ports 80 and 443 are open in the Security Group.

<figure><img src="https://2011575719-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVBa3yjTJ7LPbjby0TKRi%2Fuploads%2FLA5EJWQVePicftuJx2W6%2Funknown.png?alt=media&#x26;token=0a443836-0ef2-4e07-b6fe-a8c9faf10b4b" alt=""><figcaption></figcaption></figure>

**Step 5: Check Listening Ports**

Run the following command:

```
netstat -tulnp
```

<figure><img src="https://2011575719-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVBa3yjTJ7LPbjby0TKRi%2Fuploads%2Fat6uwgsvBaGQiia8WoXt%2Funknown.png?alt=media&#x26;token=5f5bac29-631d-4c36-986a-eb91bd3d2015" alt=""><figcaption></figcaption></figure>

Note: If port 443 is allowed in the Security Group but is not listening on the server, open and edit ports.conf:

```
cd /etc/apache2/
sudo nano ports.conf
```

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/7Nw9JhaeKZETHav62jfh/Unknown%20image)

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/Sj4E26t6pjULnf8uGps0/Unknown%20image)

To use a custom port instead of 443:

* Replace 443 with your desired port in ports.conf
* Open that custom port in the Security Group

Restart Apache:

```
sudo apachectl configtest
sudo systemctl restart apache2
```

{% hint style="info" %}
**Important Note:** Before restarting Apache after any config change, run this command:

```
sudo apachectl configtest
```

If output is **Syntax OK**, proceed with a restart.
{% endhint %}

**Step 6: Disable Default Site**

```
cd /etc/apache2/sites-enabled
ls
```

`ls` lists the name of the enabled default site. Disable it:

```
sudo a2dissite 000-default.conf
```

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/CkiJtCRao1hNKfdrzveE/Unknown%20image)

**Step 7: Create Reverse Proxy Configuration File**

```
sudo nano /etc/apache2/sites-available/reverse-proxy.conf
```

Add this content to the file:

```
<VirtualHost *:80>
    ServerName apache-poc-test.theacecloud.com
    ServerAlias apache-poc-test.theacecloud.com

    # Security headers (require mod_headers, enabled in Step 2)
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # Forward all requests to the backend application on port 8080
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    ErrorLog ${APACHE_LOG_DIR}/reverse-proxy-error.log
    CustomLog ${APACHE_LOG_DIR}/reverse-proxy-access.log combined
</VirtualHost>
```

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/xZbAJN91JeiXTimM5a7o/Unknown%20image)

**(Update domain name as per your setup)**

**Step 8: Apply SSL Using Certbot**

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/ytpcBfFmhqkL2OGKrLwX/Unknown%20image)

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/UnOzl3fpuZxgR0rWaIvd/Unknown%20image)

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/VK7iUnwPimTgbggKNswN/Unknown%20image)

**Commands:**

```
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
```

**Follow prompts:**

* Enter email
* Agree to terms – press y
* Select domain (ensure the domain points to the correct server IP)

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/vCzvOLoeUxI0dyHdrdeH/Unknown%20image)

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/6OlYedaFCpTfG1gjxWFO/Unknown%20image)

Once SSL is deployed, it creates:

**reverse-proxy-le-ssl.conf** (verify its content; the following should be present in this file)

![](https://content.gitbook.com/content/VBa3yjTJ7LPbjby0TKRi/blobs/SCrgewWN8kMHQPp6x5mO/Unknown%20image)

Once the above steps are completed, your setup should now be successfully configured.\
Please review the configuration again to verify everything is working correctly.
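
One way to script the review of the Certbot-generated vhost file, as an added example that is not part of the original guide. The function names, the list of required directives (the Step 7 headers and proxy lines plus the certificate directives Certbot normally writes) and the `example.com` sample are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): static check of an HTTPS vhost.

# Directives expected in the generated file, one extended regex per line.
# Each is matched from the start of a line, so commented-out copies do not count.
REQUIRED_DIRECTIVES='<VirtualHost [^>]*:443>
SSLCertificateFile[[:space:]]+/
SSLCertificateKeyFile[[:space:]]+/
Header[[:space:]]+always[[:space:]]+set[[:space:]]+Strict-Transport-Security
Header[[:space:]]+always[[:space:]]+set[[:space:]]+X-Content-Type-Options
ProxyPass[[:space:]]+/[[:space:]]+http://
ProxyPassReverse[[:space:]]+/[[:space:]]+http://'

# check_ssl_vhost FILE: prints one line per missing directive and
# returns 0 only when every required directive is present.
check_ssl_vhost() {
    vhost_file=$1
    missing=0
    while IFS= read -r pattern; do
        if ! grep -Eq "^[[:space:]]*${pattern}" "$vhost_file"; then
            echo "MISSING: ${pattern}"
            missing=1
        fi
    done <<EOF
$REQUIRED_DIRECTIVES
EOF
    return "$missing"
}

# write_sample_vhost FILE: constructed sample (example.com and the
# certificate paths are placeholders, not values from the guide).
write_sample_vhost() {
    cat > "$1" <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    Header always set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
EOF
}

sample=$(mktemp)
write_sample_vhost "$sample"
check_ssl_vhost "$sample" && echo "sample vhost: all required directives present"
rm -f "$sample"
```

On a real server, point `check_ssl_vhost` at `/etc/apache2/sites-available/reverse-proxy-le-ssl.conf` after Step 8 and before the final `sudo apachectl configtest`.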
