Elements

Basically in order to successfully install an SSL certificate you need the following things

  • CSR file
  • Private key
  • Certificate key
  • Certificate chain

Prepare Your Server

The first step to installing your certificate is to prepare your server directories to hold the final keys later on.

So ssh into your server and do the following:


sudo mkdir /etc/apache2/ssl
chmod 700 /etc/apache2/ssl
chown www-data:www-data /etc/apache2/ssl

Then to be sure, do the following to install openssl. Nothing will happen naturally if openssl is already installed.

sudo apt-get install openssl

Then install the required ssl mods for your apache instance and activate them:

sudo a2enmod ssl

Generate the CSR

In order for GoDaddy to be able to issue our SSL certificate, we need to generate the CSR (Certificate Signing Request) key and our Private Key. In your home directory, do the following. You don’t need to do sudo at this point.

openssl req -newkey rsa:2048 -nodes -keyout website_ssl.key -out website_ssl.csr -sha256

After running the above command you will be required to answer some identity questions. Make sure you answer them as accurate as possible. The questions will look like something below:

You don’t really need to use the challenge password with GoDaddy at the time of this writing.

Now that you have completed generating the private key and the CSR, it’s time to send it through to GoDaddy.

Generate the Secure Certificate

Open the website_ssl.csr that we generated before. You can use vim or you can simply cat it to the terminal. The CSR should look like this:


-----BEGIN CERTIFICATE REQUEST-----
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKMZ0czj18lWf2v2C0sl7mYVLn732G0/Pa/N3/yp
DwdHmfkmDbRG5xDo2AQ7VzIWpXnzsz9hNhLSJx1kcwBX7N7/CAQnMYLpDm5TUYs0
x8l5yhvXBn/QSA1ItaT2hgWixlml8zuzlucCfc6gnu+g4Bef95o1yE218AZQV1Pl
JooiHqsDycetfl/7KEw10hfRjV8TX+vDcBUkJ/BubyPYEf1j3dbDqlUGGXco1AB1
xiMbfFTU20uzvpaPz333vj64uKMr/+rFkso0bHy1LaLYVQCAoYhGj7SbveB5qbtO
AkgsYKCfLbatmyBrSB2gKFbyNlRj1AH3E7NeNrkXdVcSrH8CAwEAAaAAMA0GCSqG
SIb3DQEBCwUAA4IBAQBxWB4NHv7JtcxcyTmwTDizUG/cf0vlyZSz/mvgTUI5Vgbr
jJsRe7d/xyIKTKpp4uhl1J96CE8Qhqy7dezEht7Y7iluzJBJV8RRuHvBc1YKBFd+
Py5AVZwmgpdwPDj83/+yD4vuJdsBkAxCUflWzuQ35zEucCwwlcDbl/r1PJae0UdC
mYF09YImve2G7dHvvi/hQ7AEUbaxnAX0u53HZBELJF41bW1eoInsaxnEMNMvfl/1
xoxmfaCZiKXZWDHB+7sw3YRyxbZ7E0kwLx7xENH3FpbFCADJehLvacPA8obzsqWV
sWVG1SDyNqrPbyFlwsTcJjkM8CfvIbE93Z5A/A0A
-----END CERTIFICATE REQUEST-----

So copy the entire content from your CSR file, including the —–BEGIN and END.

Then login to GoDaddy, locate your secure certificate product and click launch. After that, click on setup and choose provide CSR. Then paste the content of the CSR file that you just copied previously.

When done, just wait until GoDaddy verifies your website’s identity and grant you access to download the certificate, in my case this happens very quick, at most within 10 minutes.

Installing the Certificate in Your Server

Once GoDaddy email you that your certificate has been generated, follow the link and download the certificate to you computer for now. Basically it’s a zip file containing 2 files, the one that looks like a randomly generated hash is your secure certificate (let’s call it 6eba0aa5c1b8.crt for this article), while the one that starts with gd_bundle_ is your certificate chain file.

So upload both files to your home directory in your Ubuntu server instance. You should now have the website_ssl.key, 6eba0aa5c1b8.crt, gd_bundle-g2-g1.crt. Then move those 3 files to the ssl directory that you created previously.

 


sudo mv ~/6eba0aa5c1b8.crt /etc/apache2/ssl/6eba0aa5c1b8.crt
sudo mv ~/website_ssl.key /etc/apache2/ssl/website_ssl.key
sudo mv ~/gd_bundle-g2-g1.crt /etc/apache2/ssl/gd_bundle-g2-g1.crt

Then make sure you set the correct permission to those files.


sudo chmod 600 /etc/apache2/ssl/*
sudo chown www-data:www-data /etc/apache2/ssl/*

Configure Apache

Open the default SSL virtual host file for editing :
sudo nano /etc/apache2/sites-available/default-ssl.conf

Change ServerAdmin to your valid email address:

ServerAdmin webmaster@localhost

Below this line, add the ServerName with either the domain name or IP address:


ServerAdmin webmaster@localhost
ServerName example.com

Find the lines which read:


SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Change these to the location and name of your SSL certificate and key file:


SSLCertificateFile /etc/ssl/certs/example.com_ssl_certificate.cer
SSLCertificateKeyFile /etc/ssl/private/example.com_private_key.key

Save and exit the file.

Enable SSL on the server:

sudo a2enmod ssl

Enable the SSL virtual host:

sudo a2ensite default-ssl

Restart Apache for the changes to take effect:

sudo systemctl restart apache2


Helpful Article :

1. https://www.codingepiphany.com/2014/11/26/installing-godaddy-ssl-certificate-in-an-ubuntu-server/
2. https://www.ionos.com/community/markdown-migration/install-a-ionos-ssl-certificate-on-ubuntu-1604/