āļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āļšāļĢāļīāļāļēāļĢāļ‚āļ­āļ‡ CloudWays āļāļąāļš apache2 āļŠāļēāļĄāļēāļĢāļ–āļ”āļģāđ€āļ™āļīāļ™āļāļēāļĢāđ„āļ”āđ‰āļ”āļąāļ‡āļ™āļĩāđ‰
https://support.cloudways.com/en/articles/5129607-how-to-install-custom-ssl-certificate-on-your-application?utm_source=Platformkb&utm_medium=kbsearch

āđ€āļĢāļīāđˆāļĄāļ•āđ‰āļ™āđ€āļ•āļĢāļĩāļĒāļĄ SSL Certificate āļāđˆāļ­āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡

āļ‚āļąāđ‰āļ™āļ•āļ­āļ™āđ€āļ•āļĢāļĩāļĒāļĄāļāļēāļĢāļāđˆāļ­āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āđƒāļŦāđ‰āļāļąāļš Apache2 āļ‚āļ­āļ‡āļ—āđˆāļēāļ™

  1. āļ—āļģāļāļēāļĢāļŠāļąāđˆāļ‡āļ‹āļ·āđ‰āļ­ SSL Certificate āļœāđˆāļēāļ™āļĢāļ°āļšāļšāļ­āļ­āļ™āđ„āļĨāļ™āđŒāļ—āļēāļ‡
    https://www.ireallyhost.com/cart/ssl
     
  2. āļ—āļģāļāļēāļĢāđ€āļ›āļīāļ”āđƒāļŠāđ‰āļ‡āļēāļ™ SSL Certificate
    https://www.ireallyhost.com/client/service/ssl/

āđ€āļĢāļīāđˆāļĄāļ•āđ‰āļ™āļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL āļāļąāļš Apache 2 āļāļąāļš Linux Server

āļ—āļģāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ mod_ssl  āđāļĨāļ° āļ•āļĢāļ§āļˆāļŠāļ­āļšāļ§āđˆāļēāļ•āļīāļ”āļ•āļąāđ‰āļ‡ mod_ssl āđ€āļĢāļĩāļĒāļšāļĢāđ‰āļ­āļĒāđāļĨāđ‰āļ§

#āļŠāļģāļŦāļĢāļąāļš Ubuntu āļŠāļąāđˆāļ‡Â  
sudo a2enmod ssl
sudo a2enmod vhost_alias

#āļŠāļģāļŦāļĢāļąāļš CentOS āļŠāļąāđˆāļ‡Â Â 
yum -y install mod_ssl

#āļ•āļĢāļ§āļˆāļŠāļ­āļšāļœāļĨ
apache2ctl -M  | grep ssl
āļŦāļĢāļ·āļ­
httpd -M  | grep ssl

āļ•āļĢāļ§āļˆāļŠāļ­āļš config āđ„āļŸāļĨāđŒ āđ€āļžāļ·āđˆāļ­āļ—āļģāļāļēāļĢāđ€āļ›āļīāļ”āđāļāđ‰āđ„āļ‚āđ„āļŸāļĨāđŒ 

āđāļāđ‰āđ„āļ‚ httpd config

/etc/httpd/conf/httpd.conf
or /etc/apache2/httpd.conf 
or /etc/apache2/apache2.conf

āļŦāļĢāļ·āļ­āļ„āđ‰āļ™āļŦāļēāđ‚āļŸāļĨāđ€āļ”āļ­āļĢāđŒāļ—āļĩāđˆāļ•āļīāļ”āļ•āļąāđ‰āļ‡ apache āļ”āđ‰āļ§āļĒāļ„āļģāļŠāļąāđˆāļ‡ whereis
whereis apache
whereis apache2
whereis httpd

āļ„āđ‰āļ™āļŦāļēāļŠāđˆāļ§āļ™āļ—āļĩāđˆ 1

#LoadModule ssl_module modules/mod_ssl.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so

āđāļāđ‰āđ„āļ‚āļ™āļģ # Comment āļ”āđ‰āļēāļ™āļŦāļ™āđ‰āļēāļ­āļ­āļ

LoadModule ssl_module modules/mod_ssl.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

āļ„āđ‰āļ™āļŦāļēāļŠāđˆāļ§āļ™āļ—āļĩāđˆ 2

#​​​​​​​Include conf/extra/httpd-ssl.conf 

āđāļāđ‰āđ„āļ‚āļ™āļģ # Comment āļ”āđ‰āļēāļ™āļŦāļ™āđ‰āļēāļ­āļ­āļ

​​​​​​​Include conf/extra/httpd-ssl.conf 

āļ—āļģāļāļēāļĢ Save āđ„āļŸāļĨāđŒ

 

āļ§āļīāļ˜āļĩāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āđƒāļŦāđ‰āļāļąāļš Apache āļŦāļĢāļ·āļ­ Apache2

* āļ—āļģāļāļēāļĢāđ€āļ›āļĨāļĩāđˆāļĒāļ™āļŠāļ·āđˆāļ­ domain_com āđ€āļ›āđ‡āļ™āļŠāļ·āđˆāļ­āđ‚āļ”āđ€āļĄāļ™āđ€āļ™āļĄāļ‚āļ­āļ‡āļ—āđˆāļēāļ™

  1. āļŠāļĢāđ‰āļēāļ‡āđ‚āļŸāļĨāđ€āļ”āļ­āļĢāđŒāļŠāļģāļŦāļĢāļąāļšāđ€āļāđ‡āļšāđ„āļŸāļĨāđŒ Certificate āđ€āļŠāđˆāļ™
    āļŠāļēāļĄāļēāļĢāļ–āļ—āļģāļāļēāļĢāđ€āļ›āļĨāļĩāđˆāļĒāļ™ domain_com āđ€āļ›āđ‡āļ™āļŠāļ·āđˆāļ­āđ‚āļ”āđ€āļĄāļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™
    • mkdir -p /etc/httpd/conf/ssl/domain_com_āļŠāļ·āđˆāļ­āđ‚āļ”āļĄāđ€āļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™
       
  2. āļ™āļģāđ„āļŸāļĨāđŒ Certificate āļ•āđˆāļēāļ‡āđ† āđƒāļŠāđˆāđ„āļ§āđ‰āļĒāļąāļ‡āđ‚āļŸāļĨāđ€āļ”āļ­āļĢāđŒ
     
    • āđƒāļŠāđˆ Private Key āđƒāļ™āđ„āļŸāļĨāđŒ
      /etc/httpd/conf/ssl/domain_com/private.key
       
    • āđƒāļŠāđˆ SSL Domain Certificate āđƒāļ™āđ„āļŸāļĨāđŒ
      /etc/httpd/conf/ssl/domain_com/domain_name{āļŠāļ·āđˆāļ­āđ‚āļ”āđ€āļĄāļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™}.crt
       
    • āđƒāļŠāđˆ CA Root āđƒāļ™āđ„āļŸāļĨāđŒ
      /etc/httpd/conf/ssl/domain_com/CARootCertificate-ca.crt

      ** āđ‚āļ›āļĢāļ”āļ•āļĢāļ§āļˆāļŠāļ­āļšāļŠāļ·āđˆāļ­ āđāļĨāļ°āļ™āļēāļĄāļŠāļāļļāļĨāđ„āļŸāļĨāđŒ āļ•āđ‰āļ­āļ‡āļ•āļĢāļ‡āļāļąāļ™ āļĢāļ°āļŦāļ§āđˆāļēāļ‡āđ„āļŸāļĨāđŒ āļāļąāļš āļ„āđˆāļē config āđƒāļ™ .conf āđ„āļŸāļĨāđŒ
      āļŦāļēāļāđ„āļĄāđˆāļ•āļĢāļ‡ āļŠāļēāļĄāļēāļĢāļ–āļ—āļģāļāļēāļĢ rename āđ€āļ›āļĨāļĩāđˆāļĒāļ™āļŠāļ·āđˆāļ­ āđāļĨāļ°āļ™āļēāļĄāļŠāļāļļāļĨāļ‚āļ­āļ‡āđ„āļŸāļĨāđŒ cert
      āļŦāļĢāļ·āļ­āļ•āļąāđ‰āļ‡āļŠāļ·āđˆāļ­āļ•āļēāļĄāļ—āļĩāđˆāļ•āđ‰āļ­āļ‡āļāļēāļĢāđ„āļ”āđ‰
       
  3. āļ—āļģāļāļēāļĢāļŠāļĢāđ‰āļēāļ‡āđ„āļŸāļĨāđŒ config āļŠāļģāļŦāļĢāļąāļš web site āļ‚āļ­āļ‡āļ—āđˆāļēāļ™ āļŦāļĢāļ·āļ­āđāļāđ‰āđ„āļ‚ āđ€āļŠāđˆāļ™

    vi /etc/httpd/sites-enabled/your-domain_com.conf
    <VirtualHost *:443>
        DocumentRoot "/var/www/html/"
        ServerName your-domain.com
        ServerAlias  www.your-domain.com
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        SSLEngine on
        SSLCertificateFile "/etc/httpd/conf/ssl/domain_com/domain_name.crt"
        SSLCertificateKeyFile "/etc/httpd/conf/ssl/domain_com/private.key"
        SSLCertificateChainFile "/etc/httpd/conf/ssl/domain_com/CARootCertificate-ca.crt"
    </VirtualHost>

    āļ•āļąāļ§āļ­āļĒāđˆāļēāļ‡ Config āļŠāļģāļŦāļĢāļąāļš Sub domain Wildcard SSL

    <VirtualHost *:443>
        DocumentRoot "/var/www/html/"
        ServerAlias  *.your-domain.com
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        SSLEngine on
        SSLCertificateFile "/etc/httpd/conf/ssl/domain_com/domain_name.crt"
        SSLCertificateKeyFile "/etc/httpd/conf/ssl/domain_com/private.key"
        SSLCertificateChainFile "/etc/httpd/conf/ssl/domain_com/CARootCertificate-ca.crt"
    </VirtualHost>
  4. āļ—āļ”āļŠāļ­āļšāļ„āļ§āļēāļĄāļ–āļđāļāļ•āđ‰āļ­āļ‡ āļāļēāļĢāļ•āļąāđ‰āļ‡āļ„āđˆāļē Config  āđāļĨāļ° āļŠāļąāđˆāļ‡ restart service apache
    • apache2ctl configtest
    • /etc/init.d/apache2 restart

 

āļ§āļīāļ˜āļĩāđāļāđ‰āđ„āļ‚āļ›āļąāļāļŦāļē error āļ•āđˆāļēāļ‡āđ†

Enable the SSL module

AH00526: Syntax error on line ... of /etc/apache2/apache2.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server config

āļ§āļīāļ˜āļĩāļāļēāļĢāđāļāđ‰āđ„āļ‚ āđƒāļŦāđ‰āļ—āļģāļāļēāļĢ enable the SSL module
āļŠāļģāļŦāļĢāļąāļš Ubuntu āļŠāļąāđˆāļ‡  sudo a2enmod ssl
āļŠāļģāļŦāļĢāļąāļš CentOS āļŠāļąāđˆāļ‡  yum -y install mod_ssl

============================================

āļŦāļēāļāļžāļšāļ›āļąāļāļŦāļēāļ•āļīāļ” Firewall

  • āļ—āļģāļāļēāļĢ add port 443 (āđ‚āļ”āļĒāļ›āļāļ•āļīāđ€āļ›āļīāļ”āđ‚āļ”āļĒ default)
    sudo ufw allow 443
     
  • āļ•āļĢāļ§āļˆāļŠāļ­āļšāļŠāļ–āļēāļ™āļ° firewall
    ufw status

============================================

āđ‚āļŦāļĨāļ” mod_ssl.so āđāļĨāļ° mod_vhost_alias.so āđāļĨāđ‰āļ§

āļ•āļĢāļ§āļˆāļŠāļ­āļšāļāļēāļĢāđ€āļĢāļĩāļĒāļ mod_ssl āļˆāļēāļ httpd.conf āļŦāļĢāļ·āļ­ apache2.conf

āļ•āļĢāļ§āļˆāļŠāļ­āļšāđ„āļŸāļĨāđŒ /etc/httpd/mods-available/ssl.load

  • LoadModule ssl_module modules/mod_ssl.so

āļ•āļĢāļ§āļˆāļŠāļ­āļšāđ„āļŸāļĨāđŒ /etc/httpd/mods-available/vhost_alias.load

  • LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so

āļ•āļĢāļ§āļˆāļŠāļ­āļš Apache 2 āļĄāļĩ mod_ssl āđāļĨāđ‰āļ§āļŦāļĢāļ·āļ­āđ„āļĄāđˆ

  •  apache2ctl -M    | grep ssl

 

āļ­āđ‰āļēāļ‡āļ­āļīāļ‡āļ­āļ·āđˆāļ™āđ†
https://www.ireallyhost.com/kb/ssl/414
https://www.debuntu.org/how-to-enable-apache-modules-under-debian-based-system-page-2/
https://medium.com/@rachatatongpagdee/%E0%B8%97%E0%B8%B3-firewall-%E0%B8%9A%E0%B8%99-ubuntu-server-16-04-lts-8880e59729ed


 

āđ„āļ­āđ€āļĢāļĩāļĒāļĨāļĨāļĩāđˆāđ‚āļŪāļŠ
āļŠāļģāļŦāļĢāļąāļšāļāļēāļĢāļŠāļ™āļąāļšāļŠāļ™āļļāļ™ āđāļĨāļ°āļŠāđˆāļ§āļĒāđ€āļŦāļĨāļ·āļ­
http://www.ireallyhost.com/support

 

 

 

 

 

āļ‚āđ‰āļ­āļāļģāļŦāļ™āļ”āđƒāļ™āļāļēāļĢāđ€āļœāļĒāđāļžāļĢāđˆāļšāļ—āļ„āļ§āļēāļĄ āļ‚āđˆāļēāļ§āļŠāļēāļĢ
** āļšāļ—āļ„āļ§āļēāļĄāļ™āļĩāđ‰āļĄāļĩāļĨāļīāļ‚āļŠāļīāļ—āļ˜āļīāđŒ āđ„āļĄāđˆāļ­āļ™āļļāļāļēāļ•āļīāđƒāļŦāđ‰āļ„āļąāļ”āļĨāļ­āļ āļ—āļģāļ‹āđ‰āļģ āļ”āļąāļ”āđāļ›āļĨāļ‡āļāđˆāļ­āļ™āđ„āļ”āđ‰āļĢāļąāļšāļ­āļ™āļļāļāļēāļ• **
āđ‚āļ›āļĢāļ”āļĢāļ°āļšāļļāđāļŦāļĨāđˆāļ‡āļ—āļĩāđˆāļĄāļē āļšāļĢāļīāļĐāļąāļ— āđ€āļ­āđ‡āļāļ‹āđŒāļ•āļĢāđ‰āļē āļ„āļ­āļĢāđŒāļ›āļ­āđ€āļĢāļŠāļąāđˆāļ™ āļˆāļģāļāļąāļ” / https://www.ireallyhost.com
āļ—āļąāđˆāļ§āđ„āļ›
āļ„āļđāđˆāļĄāļ·āļ­ / āļ§āļīāļ˜āļĩāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āļŠāļģāļŦāļĢāļąāļš cPanel Web Control Panel
āļšāļĢāļīāļāļēāļĢ SSL Certificate - āđ‚āļ”āļĒāđ„āļ­āđ€āļĢāļĩāļĒāļĨāļĨāļĩāđˆāđ‚āļŪāļŠ