How Do I Enable HTTPS On Apache Web Server


Apache is one of the most popular web servers serving more than 30% percent of the websites. It is a free and open-source HTTP server. It comes packaged with tons of tools and features to run applications securely and with ease.
This tutorial describes how to set up SSL secure websites on the Apache Webserver.

NOTE: This tutorial is written and tested for Debian 9, 10, and 11 and Ubuntu 20.04.


To follow along with this guide, you will require to have the following:

  1. An Ubuntu/Debian installation
  2. A sudo or root permissions to install packages, modify configuration files, and restart services.

Installing Apache

If you do not have Apache installed, we need to install it. Enter the commands:

sudo apt update
sudo apt install apache2 openssl

Once you have the Apache Server installed, start the service and ensure everything is working correctly.

Enabling Mod_SSL and Mod_Rewrite Modules.

The next step is to enable the mod_ssl and mod_rewrite modules. To do this, we use the a2enmod script, which allows us to enable and disable modules in the apache configuration.

Use the commands as shown below:

sudo a2enmod ssl
sudo a2enmod rewrite

Enable .htaccess Override

The next step is to edit the Apache configuration and add an entry to allow the Apache default settings to override. Overriding settings are done in the .htaccess file located in the Apache root directory.

sudo vim /etc/apache2/apache2.conf

Navigate to the end of the file and add the following entry:

<Directory /var/www/html>
    AllowOverride ALL

Save and close the file.

Generating SSL Certificate

There are various ways to get a free SSL certificate. Tools such as certbot and SSL generators are great options.

However, in this guide, we will create a self-signed certificate using the OpenSSL utility.

Create a directory in the Apache configuration directory as:

sudo mkdir /etc/apache2/certs

Navigate into the directory created above.

cd /etc/apache2/certs

Run the OpenSSL utility to generate your self-signed certificate as provided in the command below:

sudo openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out apache.crt -keyout apache.key

NOTE: You can provide any information in this process except Common Name. Ensure to give an IP address or hostname.

Once the process is completed successfully, you should have the apache.crt and apache.key in the certs directory.

Adding Cert to Apache Configuration

Add the certificate by editing the configuration file of the Apache default website.

sudo vim /etc/apache2/sites-enabled/000-default.conf

Add a virtual host block on port 443 as shown:

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /etc/apache2/certs/apache.crt
    SSLCertificateKeyFile /etc/apache2/certs/apache.key


sudo a2ensite default-ssl.conf

Redirecting to HTTPS.

In most cases, you will want to redirect users from no SSL endpoint to SSL. You do this by adding a Rewrite rule on the port 80 virtual hosts.

Add the entry as:

        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

NOTE: Ensure the Blocks above are under the port 80 virtual host.

Restart and Access Apache

Once everything above is configured, restart the Apache service and access your website via localhost.

You can view the certificate information by clicking on the lock icon in your browser.


In this guide, we covered how to enable and configure SSL on the Apache webserver.

「一键投喂 软糖/蛋糕/布丁/牛奶/冰阔乐!」