In this guide, we will setup Cloudflare SSL and configure Origin Certificate for Apache server. Follow the simple steps to install SSL on your website.

Here, we assume you have sudo user access in your server. Now, create a directory for storing certificate and key.

> sudo mkdir /etc/apache2/ssl

Now, to enable SSL in apache, run the following command:

> sudo a2enmod ssl

Restart the apache server for this to take effect.

> sudo systemctl restart apache2

Point to Cloudflare’s nameservers

Now, you need to signup on Cloudflare. There, you will need to provide your domain name (let’s say “example.com”). After, it will ask for updating the nameservers of your domain registrar. Once, you update the nameservers that cloudflare provide and your domain points to cloudflare nameservers, you can proceed to next steps.

Get Cloudflare Origin Certifcate and Private Key

In Cloudflare dashboard, navigate to “Crypto”, then under “Origin Certificates”, click on “Create Certificate”.

Select “Let Cloudflare generate a private key and a CSR” and set “Private key type” to “RSA”. Set “Certificate Validity” to “15 years” (These steps should be done by default.). Then, click “Next”.

Now, you will see your “Origin Certificate” and “Private key”.

Here, “Origin Certificate” will be something like this:

-----BEGIN CERTIFICATE-----
........
........
........
-----END CERTIFICATE-----

And, “Private key” will be something like:

-----BEGIN PRIVATE KEY-----
........
........
........
-----END PRIVATE KEY-----

Create Files to Store Origin Certificate and Private Key

Now, we will need to create two files under “/etc/apache2/ssl” directory to store certificate and key.

Create a new file under “/etc/apache2/ssl” directory to store “Origin Certificate”. Here, you can replace “example.com” with your domain name.

> sudo nano /etc/apache2/ssl/example.com.pem

Paste the content of “Origin Certificate” to the file and save it (Ctrl + X and Y to save).

Next, create a new file under “/etc/apache2/ssl” directory to store “Private key”.

> sudo nano /etc/apache2/ssl/example.com.key

Paste the content of “Private key” to the file and save it.

Now, you can verify if the files are there using the command:

> sudo ls /etc/apache2/ssl/

Make sure, you see both files “example.com.pem” and “example.com.key”.

Now, change the permission of this directory using the command:

> sudo chmod -R 655 /etc/apache2/ssl

Also, change the owernership to “www-data”.

> sudo chown -R www-data:www-data /etc/apache2/ssl

Configure Virtual Host for Cloudflare SSL Certificate

In your Apache’s virtual host configuration file, we need to turn on SSL and also, point to certificate files.

Open Apache’s virtual host file. Here, we use nano editor.

> sudo nano /etc/apache2/sites-available/example.com.conf

Here, you will see something like this:

<VirtualHost *:80> 
	ServerName example.com
        DocumentRoot /var/www/html
</VirtualHost>

Change the port 80 to 443 for SSL. Also, turn on SSLEngine and point to certificate and key file. Then, it will look like this:

<VirtualHost *:443> 
	ServerName example.com
        DocumentRoot /var/www/html

	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/example.com.pem
	SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
</VirtualHost>

For activating this virtual host file, you can the command:

> sudo a2ensite example.com.conf

To test the configuration, run the following command:

> apachectl configtest

Lastly restart Apache or reload Apache configuration.

> sudo service apache2 reload

Now, you can test your website by visiting: https://example.com/

Also, the SSL installation and new expiration date can be verified by different tools available online.

Leave a comment

Your email address will not be published. Required fields are marked *