
How to Install a Wildcard SSL Certificate on Ubuntu 22 Apache Server


A Step-by-Step Guide to Securing Your Apache Server on Ubuntu 22 with a Wildcard SSL Certificate and Activating Secure HTTPS Connections

Securing your website with an SSL certificate is crucial for data encryption and user trust. In this guide, we’ll walk you through the steps to purchase, generate, and install a Comodo Wildcard SSL certificate on an Apache web server running on Ubuntu 22. We’ll also cover how to set up HTTP to HTTPS redirects so every visitor’s data will be encrypted. By the end of this tutorial, your domain will be configured with secure HTTPS connections.


Prerequisite: Get a Comodo Wildcard SSL Certificate

Before we begin, you’ll need to purchase a Comodo Wildcard SSL certificate. If you haven’t obtained one yet, you can purchase it at a discount right here on comodosslstore.com.


Step-By-Step Guide to Install Wildcard SSL on an Ubuntu 22 Apache Server

Step 1: Generate a CSR Using an OpenSSL Command

The first step in installing a wildcard SSL certificate on Apache/Ubuntu is to generate a private key and a Certificate Signing Request (CSR) using OpenSSL. While this step can be done on your local computer, we recommend doing it on your server (via SSH), so the private key is stored on your server.

# sudo openssl req -newkey rsa:2048 -keyout /etc/ssl/private/PRIVATEKEY.key -out /etc/ssl/certs/MYCSR.csr -nodes

You can change PRIVATEKEY and MYCSR to names that will make sense to you. After running the command, you’ll be prompted to enter some additional details. When entering the Common Name, be sure to prefix the domain name with “*.” – this is required for wildcard certificates.

In this example, we generated a CSR located at /etc/ssl/certs/ and a private key located at /etc/ssl/private/. Both the private key and CSR have been successfully generated.

Step 2: Complete the Certificate Issuance Process

The next steps are to submit the certificate request to your certificate provider (e.g., comodosslstore.com), then complete the validation process to issue the certificate.

1. Use the command below to open the CSR file you generated, then copy the CSR contents to your clipboard.

# sudo cat /etc/ssl/certs/MYCSR.csr

2. Login to your certificate provider’s website (e.g. comodosslstore.com) and submit the CSR.

3. Complete validation using your preferred method. File-based validation is not allowed for wildcard certificates, so you’ll need to use one of these methods to prove that you control the domain:

Email Verification:

  • Respond to an email sent to predefined addresses (e.g., [email protected]) with instructions for verification.

CNAME Record:

  • Create a CNAME record in your domain’s DNS settings pointing to a validation domain specified by the CA.

Step 3: Download & Upload SSL Certificate Files

Next, you’ll need to open the certificate bundle and extract the CA bundle file (that’s your intermediate certificate) and the file that includes your domain name (that’s your SSL certificate).


Upload the files from your local machine (for example, using SFTP) to the Ubuntu 22 server. Be sure to place the files in a non-public folder; we suggest the standard directory located at /etc/ssl/certs.

Step 4: Configure Apache to Use the SSL Certificate

Now it’s time to actually install your wildcard SSL certificate on your server. You’ll need to configure Apache to use the SSL certificate to create secure connections on port 443. Here’s a breakdown of each step for Apache on Ubuntu 22:

1. Run this command to enable the SSL module for Apache.

# sudo a2enmod ssl

2. Create a Virtual Host Configuration file named with your domain (in this example “testroot.net.conf”) within the directory /etc/apache2/sites-available and include the following code, ensuring the required SSL settings are incorporated (be sure the paths to the certificate and key files are correct).

# sudo touch /etc/apache2/sites-available/testroot.net.conf
# sudo vim /etc/apache2/sites-available/testroot.net.conf

<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    ServerName testroot.net
    ServerAlias *.testroot.net
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/STAR_testroot_net.crt
    SSLCertificateKeyFile /etc/ssl/private/PRIVATEKEY.key
    SSLCertificateChainFile /etc/ssl/certs/My_CA_Bundle.ca-bundle
</VirtualHost>

# cat /etc/apache2/sites-available/testroot.net.conf

3. Run this command to enable the site configuration file you created. (Again, change the file name to match yours.)

# sudo a2ensite testroot.net.conf

4. Use this command to check the Apache configuration syntax for any errors before restarting the service.

# sudo apache2ctl -t

5. Restart the Apache service.

# sudo systemctl restart apache2

The virtual host configuration is now complete, and your site should be accessible through both HTTP and HTTPS. You should also be able to access subdomains via HTTPS. Next, we will configure automatic redirections, so every visitor session is protected with HTTPS.

Step 5: Set Up HTTP to HTTPS Website Redirection

This step redirects HTTP URLs to HTTPS so that all visitors are protected. You’ll need to modify lines in /etc/apache2/apache2.conf. Once the changes are made, you can create an .htaccess file with redirect rules.

1. # sudo vim /etc/apache2/apache2.conf

Locate line number 172 and change ‘AllowOverride None’ to ‘AllowOverride All.’ Additionally, go to line number 196 and update ‘Require all denied’ to ‘Require all granted.’ Save the changes and restart the Apache2 service.

2. # sudo systemctl restart apache2

3. Next, create a .htaccess file in the web document root path, which in our case is /var/www/html. Add the following code to the .htaccess file, ensuring proper permissions, and save it. Then, verify that the redirection from HTTP to HTTPS is functioning correctly by checking the link below.

# sudo touch /var/www/html/.htaccess
# sudo chown -R www-data:www-data /var/www/html
# sudo vim /var/www/html/.htaccess (Add the below code for website redirection.)

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

4. Enable the mod_rewrite Module for Apache Server

# sudo a2enmod rewrite
# sudo systemctl restart apache2

Accessing your domain via http:// will automatically redirect you to the secure URL using the HTTPS protocol.
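
A check for the apache2.conf edit in Step 5, added here as an example and not part of the original article: line numbers shift between package versions and local edits, so this function audits the access directives by the block that encloses them. The function names and the sample configuration are constructed for illustration, and the parser assumes the sections are not nested.

```bash
# Added example, not from the original article. Function names are hypothetical.
# Audits access directives by enclosing block rather than by line number.
audit_apache_conf() {   # usage: audit_apache_conf /etc/apache2/apache2.conf
  awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    /^[ \t]*<(Directory|FilesMatch)[ \t]/ {      # remember the open section
      block = $0
      gsub(/^[ \t]*<|>[ \t]*$/, "", block)
      next
    }
    /^[ \t]*<\// { block = ""; next }            # a closing tag ends the section
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    # The .ht* guard must stay denied, or .htaccess and .htpasswd can be downloaded.
    block ~ /^FilesMatch/ && index(block, ".ht") && line ~ /^require[ \t]+all[ \t]+granted/ {
      print "FAIL line " NR ": <" block "> serves .ht* files"; bad = 1
    }
    # The filesystem root must stay closed.
    block ~ /^Directory[ \t]+\/$/ && line ~ /^require[ \t]+all[ \t]+granted/ {
      print "FAIL line " NR ": <Directory /> opens the whole filesystem"; bad = 1
    }
    # .htaccess rules are only honoured where AllowOverride permits them.
    block ~ /^Directory[ \t]+\/var\/www\/?$/ && line ~ /^allowoverride[ \t]/ {
      print "INFO line " NR ": <" block "> has " $1 " " $2
    }
    END { exit bad + 0 }
  ' "$@"
}

# Constructed sample: the access sections of an apache2.conf after the edit.
sample_conf() {
  cat <<'EOF'
<Directory />
    AllowOverride None
    Require all denied
</Directory>
<Directory /var/www/>
    AllowOverride All
    Require all granted
</Directory>
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
EOF
}

sample_conf | audit_apache_conf
```

Run it against the real file with `audit_apache_conf /etc/apache2/apache2.conf` before restarting Apache; a non-zero exit status means a FAIL line was printed.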

Step 6: Test Your SSL Installation

You’ve now completed the process to install a wildcard SSL certificate in Apache on an Ubuntu server.

You can use our free, it’s also a good idea to visit your website using HTTPS and ensure the SSL is working correctly.

Additional Tips  

  • Regularly update your SSL certificate to avoid expiration issues.
  • Conduct regular security audits and vulnerability assessments of your website. Regularly check for security vulnerabilities in both your application code and the server environment. Use tools like security scanners and perform code reviews to identify and address potential security weaknesses.
  • Always be sure your private key stays…well, private. One common mistake is to copy the private key into a code repository or into a public web folder (e.g., any directory inside /var/www/html on an Apache server) where unauthorized parties could access it.
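
The checks below cover the files from Steps 1 to 4 and the private-key tip above. They are an added example, not part of the original article. The function names are hypothetical, you pass in your own paths, and GNU `stat` and `readlink` (as shipped on Ubuntu) are assumed.

```bash
# Added example, not from the original article. Function names are hypothetical.

# Print the SHA-256 of the public key held in a private key, certificate or CSR.
pubkey_hash() {   # usage: pubkey_hash key|cert|csr FILE
  local pem=""
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
  esac
  [ -n "$pem" ] || return 1            # unreadable file or unknown type
  printf '%s\n' "$pem" | sha256sum | cut -d' ' -f1
}

# Succeed only if FILE (a cert or csr) carries the public half of KEY.
key_matches() {   # usage: key_matches KEY cert|csr FILE
  local k f
  k=$(pubkey_hash key "$1") && f=$(pubkey_hash "$2" "$3") && [ "$k" = "$f" ]
}

# Succeed only if the subject Common Name starts with "*." as Step 1 requires.
has_wildcard_cn() {   # usage: has_wildcard_cn cert|csr FILE
  local cmd
  case "$1" in csr) cmd=req ;; *) cmd=x509 ;; esac
  openssl "$cmd" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null |
    grep -Eq '(^subject= ?|,)CN=\*\.'
}

# Fail if the key sits under the web root or is accessible to "other" users.
key_not_exposed() {   # usage: key_not_exposed KEY DOCROOT
  local mode key root
  mode=$(stat -c '%a' "$1") || return 1
  key=$(readlink -f "$1")
  root=$(readlink -m "$2")             # -m: the web root need not exist yet
  case "$key" in "$root"/*) echo "key is inside $root"; return 1 ;; esac
  case "$mode" in *[1-7]) echo "key mode $mode grants access to other users"; return 1 ;; esac
  return 0
}

# With the tutorial's file names:
#   key_matches /etc/ssl/private/PRIVATEKEY.key csr /etc/ssl/certs/MYCSR.csr
#   key_matches /etc/ssl/private/PRIVATEKEY.key cert /etc/ssl/certs/STAR_testroot_net.crt
#   key_not_exposed /etc/ssl/private/PRIVATEKEY.key /var/www/html
```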

Common Questions 

  1. Q: How often should I renew my SSL certificate?
    • A: SSL certificates typically have a validity period of one year. Renew/re-issue them annually to ensure uninterrupted security.
  2. Q: What is the purpose of the Certificate Signing Request (CSR)?
    • A: The CSR contains essential information (notably the public key) used to generate the SSL certificate.