Setup SSL on Ubuntu server using GoDaddy certificate

Let’s create a directory under the home dir so that we know where our certs are.

openssl genrsa -out domain.org.key 2048
openssl req -new -sha256 -key domain.org.key -out domain.org.csr

Here you need to enter the details of the domain – Please note that the common name is the domain name on which the SSL will work. So, make sure whether you need the ‘www’ in place or not etc.

Now, login to your GoDaddy account and set up a new certificate under https://certs.godaddy.com/ccp/home.seam

For the CSR, you can take copy the content by

cat domain.org.csr

and paste it to the textbox.

You can double check the CSR content at http://www.sslshopper.com/csr-decoder.html or using the following command

openssl req -in domain.org.csr -noout -text

Once you submit, it would have to undergo validation process. An email is sent to the domain owner for verification. Once verified it will be issued and available for download – ensure that Apache is selected when downloading the file. You can upload the zip file to the server and decompress it on the server itself –

unzip domain.org.zip

The file contains two crt files – domain.org.crt and gd_bundle.crt. Copy the certificate, godaddy bundle and the key to /etc/apache2/ssl directory

  sudo cp domain.org.key /etc/apache2/ssl/
  sudo cp domain.org.crt /etc/apache2/ssl/
  sudo cp gd_bundle.crt /etc/apache2/ssl/

Now update the virtualhost entry as indicated below

Update the virtual host file

sudo nano /etc/apache2/sites-available/domain.org
<VirtualHost nnn.nnn.nnn.nnn:443>
 
  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin admin@domain.org
  ServerName  domain.org
 
 
  # Document Root (where the public files are located)
  DocumentRoot /blah
  <Directory /blah>
    Options -Indexes +FollowSymLinks
    Require all granted
  </Directory>
 
 
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/domain.org.crt
  SSLCertificateKeyFile /etc/apache2/ssl/domain.org.key
  SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
 
</VirtualHost>

For servers that are lower than Apache 2.2, use the following

<VirtualHost nnn.nnn.nnn.nnn:443>
 
  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin admin@domain.org
  ServerName  domain.org
 
 
  # Document Root (where the public files are located)
  DocumentRoot /blah
  <Directory /blah>
    Options -Indexes FollowSymLinks
    Order allow,deny
    allow from all
  </Directory>
 
 
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/domain.org.crt
  SSLCertificateKeyFile /etc/apache2/ssl/domain.org.key
  SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
 
</VirtualHost>

If you’re setting up multiple sites, you can create individual directories so as to keep the gd_bundle.crt exclusive to each other.

Reload apache and you should be all set.

  sudo /etc/init.d/apache2 reload

For the ssl sites to work, the mod_ssl must be enabled, if not get that enabled as well

sudo a2enmod ssl

2 thoughts on “Setup SSL on Ubuntu server using GoDaddy certificate”

  1. Thanks for the article — I’ll be trying it out this weekend but have a couple questions before I start.

    1) After I have completed all the above steps, am I also supposed to go to the WordPress admin panel Settings > General section and change the ‘WordPress Address URL’ and ‘Site Address URL’ from http://domain.com to https://domain.com?

    2) Will my site be accessible to those that have it saved in their bookmarks without the new https address?

Leave a Reply

Your email address will not be published.