āļ§āļīāļ˜āļĩāļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āļāļąāļš Apache 2 āļŠāļģāļŦāļĢāļąāļš CentoS, Ubuntu, Linux Server

āđ€āļ•āļĢāļĩāļĒāļĄÂ SSL Certificate āļāđˆāļ­āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡ āđƒāļŦāđ‰āļāļąāļš Apache

āļ‚āļąāđ‰āļ™āļ•āļ­āļ™āđ€āļ•āļĢāļĩāļĒāļĄāļāļēāļĢāļāđˆāļ­āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āđƒāļŦāđ‰āļāļąāļš Apache āļ‚āļ­āļ‡āļ—āđˆāļēāļ™

  1. āļ—āļģāļāļēāļĢāļŠāļąāđˆāļ‡āļ‹āļ·āđ‰āļ­ SSL Certificate āļœāđˆāļēāļ™āļĢāļ°āļšāļšāļ­āļ­āļ™āđ„āļĨāļ™āđŒāļ—āļēāļ‡
    https://www.ireallyhost.com/cart/ssl
     
  2. āļ—āļģāļāļēāļĢāđ€āļ›āļīāļ”āđƒāļŠāđ‰āļ‡āļēāļ™ SSL Certificate
    https://www.ireallyhost.com/client/service/ssl/

1. āđ€āļĢāļīāđˆāļĄāļ•āđ‰āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL āļāļąāļš Apache 2 āļāļąāļš Linux Server

āļ—āļģāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ mod_ssl  āđāļĨāļ° āļ•āļĢāļ§āļˆāļŠāļ­āļšāļ§āđˆāļēāļ•āļīāļ”āļ•āļąāđ‰āļ‡ mod_ssl āđ€āļĢāļĩāļĒāļšāļĢāđ‰āļ­āļĒāđāļĨāđ‰āļ§

#āļŠāļģāļŦāļĢāļąāļš Ubuntu āļŠāļąāđˆāļ‡Â  
sudo a2enmod ssl
sudo a2enmod vhost_alias

#āļŠāļģāļŦāļĢāļąāļš CentOS āļŠāļąāđˆāļ‡Â Â 
yum -y install mod_ssl

#āļ•āļĢāļ§āļˆāļŠāļ­āļšāļœāļĨāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ mod_ssl
apache2ctl -M  | grep ssl
āļŦāļĢāļ·āļ­
httpd -M  | grep ssl

āļāđˆāļ­āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡ āļ—āļģāļāļēāļĢāļ•āļĢāļ§āļˆāļŠāļ­āļšāđƒāļŦāđ‰āđāļ™āđˆāļŠāļąāļ” āļ§āđˆāļē httpd āļŦāļĢāļ·āļ­ apache āļ•āļīāļ”āļ•āļąāđ‰āļ‡āļ­āļĒāļđāđˆāļ—āļĩāđˆāđƒāļ”
āđ‚āļ”āļĒāļĄāļēāļāļŦāļēāļāļ•āļīāļ”āļ•āļąāđ‰āļ‡ apache2 āļ—āļĩāđˆ ubuntu āļˆāļ°āļ­āļĒāļđāđˆāļ—āļĩāđˆ /etc/apache2 āļŦāļĢāļ·āļ­ āļŦāļēāļāļ•āļīāļ”āļ•āļąāđ‰āļ‡āļšāļ™ centos āļĄāļąāļāļ­āļĒāļđāđˆāļ—āļĩāđˆ /etc/httpd

āļ•āļąāļ§āļ­āļĒāđˆāļēāļ‡āļ”āđ‰āļēāļ™āļĨāđˆāļēāļ‡āļ™āļĩāđ‰āļˆāļ°āļ–āļ·āļ­āļ§āđˆāļē path āļ‚āļ­āļ‡ apache āļ­āļĒāļđāđˆāļ—āļĩāđˆ /etc/httpd
āļŦāļēāļ web server āļ‚āļ­āļ‡āļ—āđˆāļēāļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡āļ­āļĒāļđāđˆāļ—āļĩāđˆ /etc/apache2 āđƒāļŦāđ‰āļ—āļģāļāļēāļĢāđāļāđ‰āđ„āļ‚ path āļˆāļēāļāđƒāļŦāđ‰āļ–āļđāļāļ•āđ‰āļ­āļ‡āļ•āđ‰āļ­āļ‡āļ”āđ‰āļ§āļĒ

āļžāļīāļĄāļžāđŒāļ„āļģāļŠāļąāđˆāļ‡āļ™āļĩāđ‰āđ€āļžāļ·āđˆāļ­āļ•āļĢāļ§āļˆāļŠāļ­āļšāļ§āđˆāļēāļ•āļīāļ”āļ•āļąāđ‰āļ‡āļ­āļĒāļđāđˆāļ—āļĩāđˆāđƒāļ”

whereis apache2 | grep /etc/apache* && whereis httpd | grep /etc/httpd

​​āļ—āļģāļāļēāļĢāđāļāđ‰āđ„āļ‚āđ„āļŸāļĨāđŒ config āļŦāļĨāļąāļāļ‚āļ­āļ‡ httpd.conf

  • vi /etc/httpd/conf/httpd.conf
     
  • āļŦāļĢāļ·āļ­ /etc/apache2/httpd.conf 
     
  • āļŦāļĢāļ·āļ­ /etc/apache2/apache2.conf

āļ„āđ‰āļ™āļŦāļēāļŠāđˆāļ§āļ™āļ—āļĩāđˆ 1

#LoadModule ssl_module modules/mod_ssl.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so

āđāļāđ‰āđ„āļ‚āļ™āļģ # Comment āļ”āđ‰āļēāļ™āļŦāļ™āđ‰āļēāļ­āļ­āļ

LoadModule ssl_module modules/mod_ssl.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

āļ„āđ‰āļ™āļŦāļēāļŠāđˆāļ§āļ™āļ—āļĩāđˆ 2

#​​​​​​​Include conf/extra/httpd-ssl.conf 

āđāļāđ‰āđ„āļ‚āļ™āļģ # Comment āļ”āđ‰āļēāļ™āļŦāļ™āđ‰āļēāļ­āļ­āļ

​​​​​​​Include conf/extra/httpd-ssl.conf 

āļ—āļģāļāļēāļĢ Save āđ„āļŸāļĨāđŒ

 

3. āļ§āļīāļ˜āļĩāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āđƒāļŦāđ‰āļāļąāļš Apache āļŦāļĢāļ·āļ­ Apache2

* āļ—āļģāļāļēāļĢāđ€āļ›āļĨāļĩāđˆāļĒāļ™āļŠāļ·āđˆāļ­Â domain_com āđ€āļ›āđ‡āļ™āļŠāļ·āđˆāļ­āđ‚āļ”āđ€āļĄāļ™āđ€āļ™āļĄāļ‚āļ­āļ‡āļ—āđˆāļēāļ™

  1. āļŠāļĢāđ‰āļēāļ‡āđ‚āļŸāļĨāđ€āļ”āļ­āļĢāđŒāļŠāļģāļŦāļĢāļąāļšāđ€āļāđ‡āļšāđ„āļŸāļĨāđŒ Certificate āđ€āļŠāđˆāļ™
    āļŠāļēāļĄāļēāļĢāļ–āļ—āļģāļāļēāļĢāđ€āļ›āļĨāļĩāđˆāļĒāļ™ domain_com āđ€āļ›āđ‡āļ™āļŠāļ·āđˆāļ­āđ‚āļ”āđ€āļĄāļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™
    • mkdir -p /etc/httpd/conf/ssl/domain_com_āļŠāļ·āđˆāļ­āđ‚āļ”āļĄāđ€āļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™
       
  2. āļ™āļģāđ„āļŸāļĨāđŒ Certificate āļ•āđˆāļēāļ‡āđ† āđƒāļŠāđˆāđ„āļ§āđ‰āļĒāļąāļ‡āđ‚āļŸāļĨāđ€āļ”āļ­āļĢāđŒ
     
    • āđƒāļŠāđˆ Private Key āđƒāļ™āđ„āļŸāļĨāđŒ
      /etc/httpd/conf/ssl/domain_com/private.key
       
    • āđƒāļŠāđˆ SSL Domain Certificate āđƒāļ™āđ„āļŸāļĨāđŒ
      /etc/httpd/conf/ssl/domain_com/domain_name{āļŠāļ·āđˆāļ­āđ‚āļ”āđ€āļĄāļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™}.crt
       
    • āđƒāļŠāđˆ CA Root āđƒāļ™āđ„āļŸāļĨāđŒ
      /etc/httpd/conf/ssl/domain_com/CARootCertificate-ca.crt

      ** āđ‚āļ›āļĢāļ”āļ•āļĢāļ§āļˆāļŠāļ­āļšāļŠāļ·āđˆāļ­ āđāļĨāļ°āļ™āļēāļĄāļŠāļāļļāļĨāđ„āļŸāļĨāđŒ āļ•āđ‰āļ­āļ‡āļ•āļĢāļ‡āļāļąāļ™ āļĢāļ°āļŦāļ§āđˆāļēāļ‡āđ„āļŸāļĨāđŒ āļāļąāļš āļ„āđˆāļē config āđƒāļ™ .conf āđ„āļŸāļĨāđŒ
      āļŦāļēāļāđ„āļĄāđˆāļ•āļĢāļ‡ āļŠāļēāļĄāļēāļĢāļ–āļ—āļģāļāļēāļĢ rename āđ€āļ›āļĨāļĩāđˆāļĒāļ™āļŠāļ·āđˆāļ­ āđāļĨāļ°āļ™āļēāļĄāļŠāļāļļāļĨāļ‚āļ­āļ‡āđ„āļŸāļĨāđŒ cert
      āļŦāļĢāļ·āļ­āļ•āļąāđ‰āļ‡āļŠāļ·āđˆāļ­āļ•āļēāļĄāļ—āļĩāđˆāļ•āđ‰āļ­āļ‡āļāļēāļĢāđ„āļ”āđ‰

       
  3. āļ—āļģāļāļēāļĢāļŠāļĢāđ‰āļēāļ‡āđ„āļŸāļĨāđŒ httpd config āļŠāļģāļŦāļĢāļąāļš Website āļ‚āļ­āļ‡āļ—āđˆāļēāļ™ āļŦāļĢāļ·āļ­ āļ—āļģāļāļēāļĢāđāļāđ‰āđ„āļ‚ āđ€āļŠāđˆāļ™
     
    vi /etc/httpd/sites-enabled/your-domain_com.conf
    āļŦāļĢāļ·āļ­
    vi /etc/apache2/sites-available/domain.com.conf​​​​​​​
    a2ensite domain.com.conf​​​​​​​

     
    āļ•āļąāļ§āļ­āļĒāđˆāļēāļ‡ Config āļŠāļģāļŦāļĢāļąāļš SSL āļŠāļģāļŦāļĢāļąāļš 1 āđ‚āļ”āđ€āļĄāļ™āđ€āļ™āļĄ

    <VirtualHost *:443>
        DocumentRoot "/var/www/html/"
        ServerName your-domain.com
        ServerAlias  www.your-domain.com
    
        #ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        SSLEngine on
        SSLCertificateFile "/etc/httpd/conf/ssl/domain_com/domain_name.crt"
        SSLCertificateKeyFile "/etc/httpd/conf/ssl/domain_com/private.key"
        SSLCertificateChainFile "/etc/httpd/conf/ssl/domain_com/CARootCertificate-ca.crt"
    </VirtualHost>
    
    <VirtualHost *:80>
        DocumentRoot "/var/www/html/"
        ServerName your-domain.com
        ServerAlias  www.your-domain.com
    
        #ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>


    āļ•āļąāļ§āļ­āļĒāđˆāļēāļ‡ Config āļŠāļģāļŦāļĢāļąāļš Sub domain Wildcard SSL

    <VirtualHost *:443>
        DocumentRoot "/var/www/html/"
        ServerAlias  *.your-domain.com
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        SSLEngine on
        SSLCertificateFile "/etc/httpd/conf/ssl/domain_com/domain_name.crt"
        SSLCertificateKeyFile "/etc/httpd/conf/ssl/domain_com/private.key"
        SSLCertificateChainFile "/etc/httpd/conf/ssl/domain_com/CARootCertificate-ca.crt"
    </VirtualHost>

4. āļ—āļ”āļŠāļ­āļšāļ„āļ§āļēāļĄāļ–āļđāļāļ•āđ‰āļ­āļ‡ āļāļēāļĢāļ•āļąāđ‰āļ‡āļ„āđˆāļē Config  āđāļĨāļ° āļŠāļąāđˆāļ‡ restart service apache

  • apache2ctl configtest
  • /etc/init.d/apache2 restart

 

āļ§āļīāļ˜āļĩāđāļāđ‰āđ„āļ‚āļ›āļąāļāļŦāļē error āļ•āđˆāļēāļ‡āđ†

Enable the SSL module

AH00526: Syntax error on line ... of /etc/apache2/apache2.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server config

āļ§āļīāļ˜āļĩāļāļēāļĢāđāļāđ‰āđ„āļ‚ āđƒāļŦāđ‰āļ—āļģāļāļēāļĢ enable the SSL module
āļŠāļģāļŦāļĢāļąāļš Ubuntu āļŠāļąāđˆāļ‡Â  sudo a2enmod ssl
āļŠāļģāļŦāļĢāļąāļš CentOS āļŠāļąāđˆāļ‡Â Â yum -y install mod_ssl

============================================

āļŦāļēāļāļžāļšāļ›āļąāļāļŦāļēāļ•āļīāļ” Firewall

  • āļ—āļģāļāļēāļĢ add port 443 (āđ‚āļ”āļĒāļ›āļāļ•āļīāđ€āļ›āļīāļ”āđ‚āļ”āļĒ default)
    sudo ufw allow 443
     
  • āļ•āļĢāļ§āļˆāļŠāļ­āļšāļŠāļ–āļēāļ™āļ° firewall
    ufw status

============================================

āđ‚āļŦāļĨāļ” mod_ssl.so āđāļĨāļ° mod_vhost_alias.so āđāļĨāđ‰āļ§

āļ•āļĢāļ§āļˆāļŠāļ­āļšāļāļēāļĢāđ€āļĢāļĩāļĒāļ mod_ssl āļˆāļēāļÂ httpd.conf āļŦāļĢāļ·āļ­Â apache2.conf

āļ•āļĢāļ§āļˆāļŠāļ­āļšāđ„āļŸāļĨāđŒÂ /etc/httpd/mods-available/ssl.load

  • LoadModule ssl_module modules/mod_ssl.so

āļ•āļĢāļ§āļˆāļŠāļ­āļšāđ„āļŸāļĨāđŒÂ /etc/httpd/mods-available/vhost_alias.load

  • LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so

āļ•āļĢāļ§āļˆāļŠāļ­āļš Apache 2 āļĄāļĩ mod_ssl āđāļĨāđ‰āļ§āļŦāļĢāļ·āļ­āđ„āļĄāđˆ

  •  apache2ctl -M    | grep ssl

 

āļ­āđ‰āļēāļ‡āļ­āļīāļ‡āļ­āļ·āđˆāļ™āđ†
https://www.ireallyhost.com/kb/ssl/414
https://www.debuntu.org/how-to-enable-apache-modules-under-debian-based-system-page-2/
https://medium.com/@rachatatongpagdee/%E0%B8%97%E0%B8%B3-firewall-%E0%B8%9A%E0%B8%99-ubuntu-server-16-04-lts-8880e59729ed


 

āđ„āļ­āđ€āļĢāļĩāļĒāļĨāļĨāļĩāđˆāđ‚āļŪāļŠ
āļŠāļģāļŦāļĢāļąāļšāļāļēāļĢāļŠāļ™āļąāļšāļŠāļ™āļļāļ™ āđāļĨāļ°āļŠāđˆāļ§āļĒāđ€āļŦāļĨāļ·āļ­
http://www.ireallyhost.com/support
 
āļ‚āđ‰āļ­āļāļģāļŦāļ™āļ”āđƒāļ™āļāļēāļĢāđ€āļœāļĒāđāļžāļĢāđˆāļšāļ—āļ„āļ§āļēāļĄ āļ‚āđˆāļēāļ§āļŠāļēāļĢ
** āļšāļ—āļ„āļ§āļēāļĄāļ™āļĩāđ‰āļĄāļĩāļĨāļīāļ‚āļŠāļīāļ—āļ˜āļīāđŒ āđ„āļĄāđˆāļ­āļ™āļļāļāļēāļ•āļīāđƒāļŦāđ‰āļ„āļąāļ”āļĨāļ­āļ āļ—āļģāļ‹āđ‰āļģ āļ”āļąāļ”āđāļ›āļĨāļ‡āļāđˆāļ­āļ™āđ„āļ”āđ‰āļĢāļąāļšāļ­āļ™āļļāļāļēāļ• **
āđ‚āļ›āļĢāļ”āļĢāļ°āļšāļļāđāļŦāļĨāđˆāļ‡āļ—āļĩāđˆāļĄāļē āļšāļĢāļīāļĐāļąāļ— āđ€āļ­āđ‡āļāļ‹āđŒāļ•āļĢāđ‰āļē āļ„āļ­āļĢāđŒāļ›āļ­āđ€āļĢāļŠāļąāđˆāļ™ āļˆāļģāļāļąāļ” / https://www.ireallyhost.com
āļ—āļąāđˆāļ§āđ„āļ›
āļ„āļđāđˆāļĄāļ·āļ­ / āļ§āļīāļ˜āļĩāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āļŠāļģāļŦāļĢāļąāļš cPanel Web Control Panel
āļšāļĢāļīāļāļēāļĢ SSL Certificate - āđ‚āļ”āļĒāđ„āļ­āđ€āļĢāļĩāļĒāļĨāļĨāļĩāđˆāđ‚āļŪāļŠ