How to add Cloud-flare SSL certificated to ubuntu 20.04 server
Introduction:
In this blog post, we will explore the step-by-step process of adding Cloud-flare SSL certificates to an Ubuntu 20.04 server. By securing your server with an SSL certificate from Cloudflare, you can ensure encrypted communication between your server and clients, enhancing the security of your website or application.
Prerequisites:
Before proceeding with the steps to add Cloud-flare SSL certificates to your Ubuntu 20.04 server, ensure that Apache is installed on your server. You can refer my blobs in which i have created a separate blog how to install apache in ubuntu 20.04 LTS
Step 1: Generate a Certificate Signing Request (CSR) To begin, you need to generate a Certificate Signing Request (CSR) on your Ubuntu 20.04 server. The CSR will be used to request an SSL certificate from Cloudflare.
Step 2: Obtain Cloudflare SSL Certificates After generating the CSR, you will need to obtain the Cloudflare SSL certificates. Cloudflare offers free SSL certificates that can be easily obtained through their dashboard.
Step 3: Transfer the Files to the Ubuntu Server
Once you have obtained the SSL certificate files (SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile) during the certificate creation process, it is essential to move these files to their respective paths on your Ubuntu server.
Move the SSLCertificateFile, “yourdomain.crt,” to the following path:
/etc/ssl/yourdomain.crt
Move the SSLCertificateKeyFile, “yourdomain.key,” to the following path:
/etc/ssl/private/yourdomain-key.key
Move the SSLCertificateChainFile, “yourdomain.crt” (ca_bundle.crt file), to the following path:
/etc/ssl/certs/yourdomain.crt
Step 4: Configure Apache to Use SSL
To enable SSL on Apache, you need to configure it to use the SSL certificates you just transferred to the server. Follow these steps:
Open the Apache configuration file, “your_domain_or_ip.conf,” using the following command:
sudo nano /etc/apache2/sites-available/your_domain_or_ip.conf
Paste the following minimal VirtualHost configuration inside the “your_domain_or_ip.conf” file:
<VirtualHost *:443>
ServerName yourdomain.com
DocumentRoot /var/www/yourdomain
SSLEngine on
SSLCertificateFile /etc/ssl/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/private/yourdomain-key.key
SSLCertificateChainFile /etc/ssl/certs/yourdomain.crt
</VirtualHost>
Be sure to update the ServerName
line to however you intend to address your server. This can be a hostname, full domain name, or an IP address. Make sure whatever you choose matches the Common Name
you chose when making the certificate.
The remaining lines specify a DocumentRoot
directory to serve files from, and the SSL options needed to point Apache to our newly-created certificate and key.
Now let’s create our DocumentRoot
and put an HTML file in it just for testing purposes:
sudo mkdir /var/www/your_domain_or_ip
Open a new index.html
file with your text editor:
sudo nano /var/www/your_domain_or_ip/index.html
add any contents inside the HTML file
<h1>Hello Ai!</h1>
Save and close the file Next, we need to enable the configuration file with the a2ensite
tool:
sudo a2ensite your_domain_or_ip.conf
Reload Apache to implement our changes:
sudo systemctl reload apache2
Next, let’s test for configuration errors:
sudo apache2ctl configtest
output should be
Output
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Else check the error any try to resolve
Now your domain should reflect https with hello ai html page.