apache2 ssl

I have a ubuntu apache2 server .I would like to my website security ans ssl https certificate creating.

can i free ssl certicate install if yes how ?please explain me.

Thank you
needs needsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
yes, you can.

1. More straightforward - Through Let's Encrypt (free CA) using an agent installed in the server. The agent will automatically obtain and install a new SSL certificate that is valid for the domains provided. Let’s Encrypt certificates only last for 90 days. However, this agent will take care of this by running renewal twice a day via a systemd timer. https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

2. More self managed control - Create your certificate signing request (CSR) and order it from 3rd party CA e.g. DigiCert, unless you have your own CA. After you've received your SSL certificate from DigiCert, you can install it on your server. Save the primary and intermediate certificates to a folder on the server with the private key.

Next is to make sure the the Apache configuration file is updated to use the SSL certificate . Apache configuration files are usually found in /etc/httpd. The main configuration file is usually named httpd.conf. In most cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.

If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and change the port from port 80 to 443.

Change accordingly the lines in bold below.
DocumentRoot /var/www/
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/crt/primary.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/intermediate.crt


Save all changes and restart your Apache web server and do take note of this
If Apache2 doesn't restart with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl, we recommend you adjust the apache startup configuration to include SSL support in the regular apachectl start command. Otherwise, your server may require you to manually restart Apache2 using apachectl startssl in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
needs needsAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.