Setup Apache2 SSL Certificates on Ubuntu 17.04 | 17.10

This post shows students and new users how to configure Apache2 webserver with SSL certificates so that it can communicate over HTTPS or port 443/TCP. As you may have heard, websites that communicate over HTTPS will rank higher on Google search engine result pages.

Because of the importance placed on HTTPS and SSL, webmasters and website owners are rapidly migrating their sites over to HTTPS. For students and new users who want to learn how to run websites over HTTPS can follow the steps below.

Before you can configure your web server to serve pages over HTTPS, you must first generate or obtain a SSL certificate. We have shown you how to do that here. To read this post, please click here.

Step 1: Generate SSL Certificates

To configure Apache2 to serve pages over HTTPS via SSL, you must first obtain a certificate. For this post, we’re going to be generating a self-signed certificate. To learn how to generate a self-signed certificate, read the post below:

Step 2: Configure Apache2 with SSL Certificate

Now that you’ve generated a SSL certificate, open Apache2 default SSL configuration file by running the commands below.

sudo nano /etc/apache2/sites-available/default-ssl.conf

When the file opens, add these two highlighted lines to include the server key and certificate file (server.crt) into the configuration. These two lines are the bare minimal to get Apache2 to serve HTTPS pages.

                ServerAdmin [email protected]

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/private/server.crt
                SSLCertificateKeyFile /etc/ssl/private/server.key

Others more advanced configuration SSL configurations can be added if necessary. However, to get your sites communicating over HTTPS, add the two highlighted lines above into the file.

After adding the lines for the certificate files, run the commands below to enable the default SSL configuration.

sudo a2ensite default-ssl

Now that the site is enabled, run the commands to enable Apache2 SSL module.

sudo a2enmod ssl

Finally, restart Apache2 webserver to apply all the changes above.

sudo systemctl restart apache2.service

That’s it! This is how one enables SSL certificate for Apache2 to communicate over HTTPS. Test by browsing the the host IP or server name beginning with HTTPS.

apache2 ssl certificate


This post shows students and new users how to configure Apache2 webserver to use SSL certificates and communicate over HTTPS. Before configure Apache2 to use SSL, you must first obtain a SSL certificate.

For this post, we’re using self-signed certificate which may warn you when browsing to the host that the cert may not be trusted. Ignore the cert warning and continue to the site.



  1. Hi, i do all the steps but i still dont see the message “your conecction is not secure”, my apache server is running without problem, please let me know if there is some other step please

  2. ~$ sudo a2enmod ssl
    sudo: a2enmod: command not found
    ~$ sudo systemctl restart apache2.service
    Failed to restart apache2.service: Unit apache2.service not found.

    1. worked. thank you.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.