If you want to provide your site with an SSL certificate, once you purchase it on (ie:GoDaddy), you will have to perform the following steps:
- Download the certification zip file cointaining two files like those ones ( gd_bundle-g2-g1.crt / xxxxxxxxxxxxxx.crt (includes other letters in place of x )
- Create a new conf file in your apache server sites-enabled folder, for the ssl configuration called like <yoursite>-ssl.conf and it should be filled in like below:
12345678910111213141516171819202122232425262728293031<VirtualHost *:80>ServerName www.<yoursite>.comServerAlias <yoursite>.comRedirect permanent / https://www.<yoursite>.com/</VirtualHost><ifModule mod_ssl.c><VirtualHost _default_:443>ServerAdmin webmaster@localhostDocumentRoot <yoursite_directory_public_html>ServerName www.<yoursite>.comServerAlias <yoursite>.comErrorLog <yoursite_directory_log>/error.logCustomLog <yoursite_directory_log>/access.log combinedSSLEngine onSSLCertificateFile <yoursite_directory_certificates>/<your_site>.crtSSLCertificateKeyFile <yoursite_directory_certificates>/<your_site>.keySSLCertificateChainFile <yoursite_directory_certificates>/intermediate.crt<FilesMatch "\.(cgi|shtml|phtml|php)$">SSLOptions +StdEnvVars</FilesMatch><Directory /usr/lib/cgi-bin>SSLOptions +StdEnvVars</Directory></VirtualHost></IfModule>
On the below example, you have to focus basically on those 3 files
123SSLCertificateFile <yoursite_directory_certificates>/<your_site>.crtSSLCertificateKeyFile <yoursite_directory_certificates>/<your_site>.keySSLCertificateChainFile <yoursite_directory_certificates>/intermediate.crt
where provided gd_bundle-g2-g1.crt is going to be SSLCertificateChainFile and xxxxxxxxxxxxxx.crt is going to be SSLCertificateFile.
SSLCertificateKeyFile is going to be created on your server with the following command:1openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
You’ll be asked the questions like the Country, State, City, Company Name, Domain name and all. Just fill up the details and your Private key will be ready as
server.keyin the directory you are going to run this command. Then, you should move this file to <yoursite_directory_certificates>/<your_site>.key
- To make changes live, remember to reboot your apache server, refresh your site, and check the SSL certificate expiracy date.
In case your certificate has expired, and you just need to upgrade it, you won’t need to re-generate SSLCertificateKeyFile. You will just need to upgrade SSLCertificateChainFile and SSLCertificateFile with the provided new files from GoDaddy.