5 minute guide to enable HTTPS for your website

Let's setup with Apache2 on a Linux server to secure your websites with https.

Joeri Vlekken's photo
Joeri Vlekken
ยทNov 9, 2022ยท

5 min read

Table of contents

  • Prerequisites
  • Install
  • Issue a certificate
  • Install the certificates on the web server
  • Test your setup

The days you paid for an expensive certificate to enable an https connection for your website are over. Unless you are a bank or need some high-security infrastructure you should be fine with a certificate of or They provide free valid SSL certificates at no cost in just seconds! How great is that? ๐Ÿฆ„

A https connection to a website

A caveat though: These certificates expire every 3 months so you would need to renew them every once in a while. Luckily there are some great tools available that automate this process.

My favorite solution is It's a shell script that:

  • Requests and installs a new certificate in 1 single command.

  • Performs a daily check whether one or more of your certificates need a renewal.

  • Renewals are done automatically.


We will assume that you have the following setup up and running:

  • A Linux server with sudo (root) access. (I'm using openSUSE Leap 15.3 but it should be the same for other distro's)

  • A running Apache2 web server.

  • A domain name with access to the DNS configuration.

Install has a very neat installation script that allows you to install and configure the entire package in 1 line! First login to your Linux instance and install with the following command:

sudo curl | sh

Note that we will install as root because we need it to configure the Apache web server automatically for us when initiating/renewing a certificate.

After a few seconds, you should see the output like this:

$ Installed to /root/
$ Installing cron job
$ Good, bash is found, so change the shebang to use bash as preferred.
$ OK
$ Install success!

You can verify that the script also installed the crontab module: this ensures that will check for renewals on a daily base. Execute crontab -e to see the installed cron tasks. You should see an output like this:

56 0 * * * "/root/"/ --cron --home "/root/" > /dev/null

If you see a line similar to the above, congratulations ๐ŸŽ‰๐ŸŽ‰! You have now installed

Issue a certificate

Make sure the A and AAAA records of your domain are pointing to your server before continuing!

Login as root and issue a certificate for your domain (replace your domain with your own)

sudo su
/root/ --issue --apache -d -d

In the command above we order 2 certificates: one for the domain itself and one for the www subdomain. You can add multiple domains in 1 certificate, this will save you some time copying the certificates afterward!

After a minute the order completes, and you should see a similar output as below:

$ Your cert is in: /root/
$ Your cert key is in: /root/
$ The intermediate CA cert is in: /root/
$ And the full chain certs is there: /root/

Well done, you now have a valid certificate on your system! Note down the certificate names and let's get them installed on the Apache website.

Install the certificates on the web server

Copy the certificates

First, we'll create the directories in Apache to store the certificates.

mkdir /etc/apache2/certs
mkdir /etc/apache2/certs/

Now tell to install and remember the location for the certificates: --install-cert -d \
--cert-file      /etc/apache2/certs/  \
--key-file       /etc/apache2/certs/  \
--fullchain-file /etc/apache2/certs/

You can now check your certificates in /etc/apache2/certs/

Let Apache use the new certificates

This is what we will tell Apache to do when you visit the website:

Diagram to instruct Apache to always use a https connection

  • All connections on HTTP (port 80) will be immediately redirected to the https version (port 443) of your website

  • The subdomain www is redirected to the non-www variant. Note that we also need a certificate for the www subdomain that is only used for secure redirection. This avoids warnings from the web browser when visiting directly.

  • This strategy will guarantee that your URLs are always the same (this is great for canonical URLs and Search Engine Optimization!)

Make sure the SSL module at Apache is enabled:

sudo a2enmod ssl

Now open the configuration of your website. (In openSUSE it is located at /etc/apache2/vhosts.d/

Add the following configuration inside the container for both the www and non-www alias:

<VirtualHost *:443>
        DocumentRoot /srv/www/

        <Directory /srv/www/>
          AllowOverride All
          Require all granted

        SSLEngine on
        SSLCertificateFile /etc/apache2/certs/
        SSLCertificateKeyFile /etc/apache2/certs/
        SSLCertificateChainFile /etc/apache2/certs/

<VirtualHost *:443>
        RedirectMatch permanent ^/(.*)$1
        SSLEngine on
        SSLCertificateFile /etc/apache2/certs/
        SSLCertificateKeyFile /etc/apache2/certs/
        SSLCertificateChainFile /etc/apache2/certs/

<VirtualHost *:80>
        RedirectMatch permanent ^/(.*)$1

Be sure to study the configuration above and adjust it to your specific needs.

Test your setup

Restart the Apache server and make sure no errors occur:

sudo systemctl restart apache2

Now visit your website online, and you should automatically be forwarded to your secured version!

Padlock in Chrome to assure we are using https

In most browsers you can check the validity and expiration date of the certificate by clicking on the padlock next to your website URL:

Certificate validation details in Chrome

Although everything is configured and the certificate should renew itself, be sure to check your certificates close to the expiry day to make sure that the configuration works!

That's it! ๐ŸŽ‰ Have a lot of fun with your secure websites! ๐Ÿ˜Š

Share this