How to add Cloud-flare SSL certificated to ubuntu 20.04 server

Tejaksha K
2 min readSep 19, 2024

--

Introduction:

In this blog post, we will explore the step-by-step process of adding Cloud-flare SSL certificates to an Ubuntu 20.04 server. By securing your server with an SSL certificate from Cloudflare, you can ensure encrypted communication between your server and clients, enhancing the security of your website or application.

Prerequisites:

Before proceeding with the steps to add Cloud-flare SSL certificates to your Ubuntu 20.04 server, ensure that Apache is installed on your server. You can refer my blobs in which i have created a separate blog how to install apache in ubuntu 20.04 LTS

Step 1: Generate a Certificate Signing Request (CSR) To begin, you need to generate a Certificate Signing Request (CSR) on your Ubuntu 20.04 server. The CSR will be used to request an SSL certificate from Cloudflare.

Step 2: Obtain Cloudflare SSL Certificates After generating the CSR, you will need to obtain the Cloudflare SSL certificates. Cloudflare offers free SSL certificates that can be easily obtained through their dashboard.

Step 3: Transfer the Files to the Ubuntu Server

Once you have obtained the SSL certificate files (SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile) during the certificate creation process, it is essential to move these files to their respective paths on your Ubuntu server.

Move the SSLCertificateFile, “yourdomain.crt,” to the following path:

/etc/ssl/yourdomain.crt

Move the SSLCertificateKeyFile, “yourdomain.key,” to the following path:

/etc/ssl/private/yourdomain-key.key

Move the SSLCertificateChainFile, “yourdomain.crt” (ca_bundle.crt file), to the following path:

/etc/ssl/certs/yourdomain.crt

Step 4: Configure Apache to Use SSL

To enable SSL on Apache, you need to configure it to use the SSL certificates you just transferred to the server. Follow these steps:

Open the Apache configuration file, “your_domain_or_ip.conf,” using the following command:

sudo nano /etc/apache2/sites-available/your_domain_or_ip.conf

Paste the following minimal VirtualHost configuration inside the “your_domain_or_ip.conf” file:

<VirtualHost *:443>
ServerName yourdomain.com
DocumentRoot /var/www/yourdomain

SSLEngine on
SSLCertificateFile /etc/ssl/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/private/yourdomain-key.key
SSLCertificateChainFile /etc/ssl/certs/yourdomain.crt
</VirtualHost>

Be sure to update the ServerName line to however you intend to address your server. This can be a hostname, full domain name, or an IP address. Make sure whatever you choose matches the Common Name you chose when making the certificate.

The remaining lines specify a DocumentRoot directory to serve files from, and the SSL options needed to point Apache to our newly-created certificate and key.

Now let’s create our DocumentRoot and put an HTML file in it just for testing purposes:

sudo mkdir /var/www/your_domain_or_ip

Open a new index.html file with your text editor:

sudo nano /var/www/your_domain_or_ip/index.html

add any contents inside the HTML file

<h1>Hello Ai!</h1>

Save and close the file Next, we need to enable the configuration file with the a2ensite tool:

sudo a2ensite your_domain_or_ip.conf

Reload Apache to implement our changes:

sudo systemctl reload apache2

Next, let’s test for configuration errors:

sudo apache2ctl configtest

output should be

Output
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Else check the error any try to resolve

Now your domain should reflect https with hello ai html page.

--

--

Tejaksha K
Tejaksha K

Written by Tejaksha K

I'm a Full Stack Developer & Cloud Expert with experience in Google Cloud Platform & AWS.

No responses yet