@gilangvperdana
Last active June 4, 2022 12:49
SSL Installation with OpenSSL on Apache & Nginx

All About OpenSSL

Serve a website over HTTPS using a self-signed certificate generated with OpenSSL.

OpenSSL on Apache 2

apt install -y apache2
apt install -y openssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout gbesar.key -out gbesar.crt
mv gbesar.crt /etc/ssl/certs
mv gbesar.key /etc/ssl/private

nano /etc/apache2/sites-available/ssl.conf
---
<VirtualHost *:80>
  Redirect "/" "https://IP_address/"
</VirtualHost>
 
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/gbesar.crt
  SSLCertificateKeyFile /etc/ssl/private/gbesar.key
  ServerName www.gbesar.com
  DocumentRoot /var/www/html
</VirtualHost>
---

a2ensite ssl.conf
a2dissite default-ssl.conf
a2enmod ssl

sudo apachectl configtest
systemctl restart apache2

OpenSSL on Nginx

apt install -y nginx
apt install -y openssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout gbesar.key -out gbesar.crt
mv gbesar.crt /etc/ssl/certs
mv gbesar.key /etc/ssl/private

sudo nano /etc/nginx/sites-available/default
---
server {
  listen 80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name localhost;
  ssl_certificate /etc/ssl/certs/gbesar.crt;
  ssl_certificate_key /etc/ssl/private/gbesar.key;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3
  ssl_protocols TLSv1.2 TLSv1.3;
  root /var/www/html;
  index index.html index.nginx-debian.html;
}
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;
  return 301 https://$host$request_uri;
}
---

sudo service nginx reload
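
The `openssl req` command used in both sections above prompts for the subject interactively and produces a certificate without a subjectAltName, which current browsers require. The following is an added example, not part of the original gist: a scripted variant of that command plus checks to run before reloading Apache or Nginx. The function names and the 7-day expiry threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): scripted self-signed certificate with a
# SAN, plus pre-deployment checks. Function names are illustrative assumptions.

# make_cert HOSTNAME KEY_OUT CRT_OUT
# Same openssl req call as above, but non-interactive (-subj) and with a
# subjectAltName (-addext needs OpenSSL 1.1.1 or newer).
make_cert() {
    ( umask 077   # private key is created readable by its owner only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$2" -out "$3" \
          -subj "/CN=$1" -addext "subjectAltName=DNS:$1" )
}

# cert_matches_key CRT KEY: succeeds only if both hold the same public key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# cert_has_san CRT HOSTNAME: succeeds if HOSTNAME is listed as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# cert_valid_for CRT SECONDS: succeeds if CRT is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# preflight CRT KEY HOSTNAME: run every check before reloading the web server.
preflight() {
    cert_matches_key "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    cert_has_san "$1" "$3"     || { echo "no SAN entry for $3" >&2; return 1; }
    cert_valid_for "$1" 604800 || { echo "certificate expires within 7 days" >&2; return 1; }
}
```

For the files used above, the check would be `preflight /etc/ssl/certs/gbesar.crt /etc/ssl/private/gbesar.key www.gbesar.com`, run as a user who can read the private key.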

Use CertBot

If you want a certificate generator that performs real verification against the DNS server, you can use Certbot.

  • Configure
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
  • You can also generate just the certificate
sudo certbot certonly
  • Point the certificate to your nginx/apache block
  • Restart the web server