1

hi all,

what is the best to enable ssl by default on apache2 ubuntu, looking online there are lots of ways ie

im leaning towards the bottom url as that seems to enable it by default, or are there any other ways

thanks,
rob

4 Spice ups
2

What do you mean by best?

There are generally multiple ways to achieve the same outcome, neither one is better than the other.

While I have not read your links, the second one mentions self-signed, so that shouldn’t be used at all.

In most cases you need to copy over your valid cert and update your config(s) to match this, then restart Apache.

If you’re using NGINX or some other reverse proxy, you need to adjust your config there too.

2 Spice ups
3

thanks @Rod-IT

i used this

https://www.namecheap.com/support/knowledgebase/article.aspx/10314/33/ssl-certificate-installation-on-apache2-debian-ubuntu/

and then to auto redirect to https i added these lines under virtualhost 80

ServerName mysite.example.com
   Redirect permanent / https://mysite.example.com/

rather than having this

SSLCertificateFile /etc/ssl/1.crt
SSLCertificateKeyFile /etc/ssl/1.key
SSLCertificateChainFile /etc/ssl/1.ca-bundle

can i miss the chain file and just cat the chain file in with the cert file?

2 Spice ups
4

Give it a go, you’ll learn from what happens.

1 Spice up
5

I’m a huge fan of LetsEncrypt - https://letsencrypt.org/ - and you seem to like DigitalOcean, so there’s this;
How To Secure Apache with Let's Encrypt on Ubuntu | DigitalOcean

But seriously, there are a lot of tutorials on setting up LE on a lot of platforms - once it’s set up and working, it seems to just keep going, I haven’t needed to intervene on my certs for years, it’s nice.