Make web HTTPS with OpenSSL.
apt install -y apache2
apt install -y openssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout gbesar.key -out gbesar.crt
mv gbesar.crt /etc/ssl/certs
mv gbesar.key /etc/ssl/private
nano /etc/apache2/sites-available/ssl.conf
---
<VirtualHost *:80>
Redirect "/" "https://IP_address/"
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/gbesar.crt
SSLCertificateKeyFile /etc/ssl/private/gbesar.key
ServerName www.gbesar.com
DocumentRoot /var/www/html
</VirtualHost>
---
a2ensite ssl.conf
a2dissite default-ssl.conf
a2enmod ssl
sudo apachectl configtest
systemctl restart apache2
apt install -y nginx
apt install -y openssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout gbesar.key -out gbesar.crt
mv gbesar.crt /etc/ssl/certs
mv gbesar.key /etc/ssl/private
sudo nano /etc/nginx/sites-available/default
---
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name localhost;
ssl_certificate /etc/ssl/certs/gbesar.crt;
ssl_certificate_key /etc/ssl/private/gbesar.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
root /var/www/html;
index index.html index.nginx-debian.html;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
---
sudo service nginx reload
If you want to use generator that will original verification to DNS Server you can use Certbot
- Configure
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
- You can generate for just cert
sudo certbot certonly
- Point cert to your nginx/apache block
- Restart web server