Installing a Godaddy SSL Certificate into Apache Ubuntu Linux

Godaddy is probably the cheapest SSL certificate provider on the web, with their root CA present in all the major browsers. I was able to pick up a 12 month SSL certificate for only $12.99 (~£10.00 inc VAT) by following the link HERE

Now on to the good stuff.

  • Webserver: Ubuntu 8.04 LTS
  • Apache2 with http.conf: /etc/apache2/http.conf

First we need to generate a private ‘key’ file, which tells our server apart from other servers and must stay secret on the server. You should have openssl installed on your machine; if not, simply type in

sudo apt-get install openssl

Then change to the directory where you would like to store everything. In my case, I chose:

mkdir /etc/apache2/ssl
mkdir /etc/apache2/ssl/certs
mkdir /etc/apache2/ssl/private
cd /etc/apache2/ssl/private
openssl genrsa -out websitename.key 2048

This will spit out a key for our server, which we use to create the CSR that we need to send to Godaddy in order to get the files required to finish the setup. Next we generate the CSR (in the same directory):

openssl req -new -key websitename.key -out websitename.csr

When filling out the CSR via the terminal it will ask you for several things (Country Name, State or Province, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address, and Password). Some of these are optional, but make sure that under Common Name you put your website url (website.com).

Now, we need the contents of this CSR to give to Godaddy.

cat websitename.csr

Copy the text and paste it into Godaddy’s CSR pane. Make sure you keep the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines, or else Godaddy will reject it. I also chose the Starfield Technologies certificate just because it sounded cooler than Godaddy. Once accepted, you can then download the certificate.

Click on the common name [yourwebsite], then on download. Select Apache as the server type. This will give you a zip file with two files in it. You need to copy the website.crt to /etc/apache2/ssl/certs and the sf_bundle.crt to /etc/apache2/ssl. I used a program called WinSCP to drag and drop these files in there via ssh.

Recap:

Folder Layout >
/etc/apache2/ssl/
        -certs
        |__ website.crt
        -private
        |__ website.key
        |__ website.csr (Can be deleted)
        -sf_bundle.crt

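We need to edit our http.conf file so that it points to valid paths for the SSL files. Here is my Vhost listing for the SSL site. As you can see, I have added a few extra things to make it play nice. I turned on SSLEngine and included the files it needs to work properly. Feel free to copy and paste with minor changes. The paths must match the file names you actually created: the key above was generated as websitename.key, so either rename it to website.key or adjust SSLCertificateKeyFile accordingly.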

<VirtualHost *:443>
  ServerName example.com
  ServerAlias example.com
  SSLEngine on
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  SSLCertificateFile /etc/apache2/ssl/certs/website.crt
  SSLCertificateKeyFile /etc/apache2/ssl/private/website.key
  SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt
  DocumentRoot /var/www/www.website.com/htdocs
</VirtualHost>

Now when you restart apache:

/etc/init.d/apache2 restart
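
A check worth running before that restart, as an added example that is not part of the original post: it confirms that the certificate and the CSR carry the same public key as the private key, and that the key file is not readable by group or others. The function names are made up for this example, the sample key and self-signed certificate are constructed, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1          # unreadable or malformed file
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the certificate (and the CSR, when given) carry the key's public key.
cert_matches_key() {
    k=$(pubkey_digest key "$1")  || { echo "cannot read key: $1" >&2; return 1; }
    c=$(pubkey_digest cert "$2") || { echo "cannot read certificate: $2" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not belong to this key" >&2; return 1; }
    [ -z "${3:-}" ] && return 0
    r=$(pubkey_digest csr "$3")  || { echo "cannot read CSR: $3" >&2; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not made from this key" >&2; return 1; }
}

# Succeed only if the key file grants nothing to group or others (GNU stat assumed).
key_is_private() {
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   echo "$1 has mode $mode; use chmod 600" >&2; return 1 ;;
    esac
}

# Constructed sample: throwaway key, CSR and self-signed certificate (not a CA-issued one).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl genrsa -out "$demo_dir/website.key" 2048 2>/dev/null
chmod 600 "$demo_dir/website.key"
openssl req -new -key "$demo_dir/website.key" -subj "/CN=example.com" \
    -out "$demo_dir/website.csr"
openssl x509 -req -in "$demo_dir/website.csr" -signkey "$demo_dir/website.key" \
    -days 1 -out "$demo_dir/website.crt" 2>/dev/null

cert_matches_key "$demo_dir/website.key" "$demo_dir/website.crt" "$demo_dir/website.csr" \
    && key_is_private "$demo_dir/website.key" \
    && echo "key, CSR and certificate agree; key file is private"
```

On the server, call cert_matches_key and key_is_private with the key and certificate paths you put in the VirtualHost block.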

11 Responses

  1. Hi Jon

    I’m trying to set up a Godaddy certificate for our new WordPress site. I’m using a turnkeylinux instance. I’m running into all kinds of problems. Would you be willing to help with this installation as a consultant? I can provide payment through PayPal or any other means. It’s just that it’s a very important function that is required by our client.
    Thanks. I’m located in Reston, Virginia.

  2. Hi Jon,

    Just wanted to add that it works with VirtualHosts *:443, but only if you have a wildcard SSL certificate. Otherwise you should enter a static IP address (VirtualHosts 192.168.1.2:443).

    Unfortunately, though, it doesn’t work with sub-sub-domain names (i.e. two.sub.example.com will not be accepted with the *.example.com certificate.)

    Thank you.
    Alexis

  3. Jon, while my comment does not directly pertain to installing the certificate, it may be worth noting that first time installers may need to run the following two commands to enable SSL on their apache installation:

    a2ensite default-ssl
    a2enmod ssl

    You would run these commands after modifying your VirtualHost section, before issuing a restart.

    Thanks!

    -baji.

  4. Thanks for the article — I’ll be trying it out this weekend but have a couple questions before I start.

    1) After I have completed all the above steps, am I also supposed to go to the WordPress admin panel Settings > General section and change the ‘WordPress Address URL’ and ‘Site Address URL’ from http://domain.com to https://domain.com?

    2) Will my site be accessible to those that have it saved in their bookmarks without the new https address?
