FreeBSD Enable SSL On Apache 2.4
This guide is based on using Certbot and “Let's Encrypt”; a guide on how to install this can be found here: Certbot howto.
Once this has been installed, we can move on to configuring Apache to use the SSL certificate provided by “Let's Encrypt”.
Let's start with setting up the files and directories where we will store the keys.
mkdir /usr/local/etc/apache24/ssl.key
mkdir /usr/local/etc/apache24/ssl.crt
chmod 0700 /usr/local/etc/apache24/ssl.key
chmod 0700 /usr/local/etc/apache24/ssl.crt
Next, copy the certificate files from Let's Encrypt to the right place and set the right permissions. Replace domain.com in the commands below with your real domain.
cd /usr/local/etc/letsencrypt/live/domain.com
cp fullchain.pem /usr/local/etc/apache24/ssl.crt/domain.com.pem
cp privkey.pem /usr/local/etc/apache24/ssl.key/domain.com.key
chmod 0400 /usr/local/etc/apache24/ssl.crt/domain.com.pem
chmod 0400 /usr/local/etc/apache24/ssl.key/domain.com.key
Next we need to edit the configuration for Apache to use SSL.
vi /usr/local/etc/apache24/extra/httpd-ssl.conf
In the file above, change the following to match your configuration, where DocumentRoot is the location of your website.
DocumentRoot "/usr/local/www/apache24/data"
ServerName www.example.com:443
ServerAdmin you@example.com
Next find this line:
SSLCertificateFile "/usr/local/etc/apache24/server.crt"
And change it to this, remember to change domain.xxx to a real domain name:
SSLCertificateFile "/usr/local/etc/apache24/ssl.crt/domain.xxx.pem"
Next find this line:
SSLCertificateKeyFile "/usr/local/etc/apache24/server.key"
And change it to this, remember to change domain.xxx to a real domain name:
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key/domain.xxx.key"
Now we need to enable the SSL module in the Apache configuration file, i.e. httpd.conf.
vi /usr/local/etc/apache24/httpd.conf
In that file uncomment the following line.
#LoadModule ssl_module libexec/apache24/mod_ssl.so
So it looks like this.
LoadModule ssl_module libexec/apache24/mod_ssl.so
And now uncomment this line.
#Include etc/apache24/extra/httpd-ssl.conf
So it looks like this.
Include etc/apache24/extra/httpd-ssl.conf
Final check.
apachectl configtest
If everything looks OK, we can restart Apache.
apachectl restart
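The copies made in the steps above are not touched when Certbot renews the certificate, so the copy has to be repeated after every renewal. The script below is an added example, not part of the original guide: it repeats the copy with the same modes from a Certbot deploy hook. The function names install_cert and mode_of and the APACHE_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: certbot deploy hook that repeats the guide's copy step.
# APACHE_DIR defaults to the guide's path; the override exists so the
# function can be exercised against a scratch directory.
APACHE_DIR="${APACHE_DIR:-/usr/local/etc/apache24}"

# mode_of FILE: print the permission string from ls, e.g. "-r--------".
# (ls is used because stat's options differ between FreeBSD and Linux.)
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# install_cert LINEAGE_DIR DOMAIN
# Copies fullchain.pem and privkey.pem into ssl.crt/ and ssl.key/ with the
# guide's modes (0700 directories, 0400 files). Non-zero on any failure.
install_cert() {
    lineage="$1"; domain="$2"
    crt_dir="$APACHE_DIR/ssl.crt"; key_dir="$APACHE_DIR/ssl.key"
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || return 1
    (
        umask 077    # nothing is created group- or world-readable, even briefly
        mkdir -p "$crt_dir" "$key_dir" || exit 1
        chmod 0700 "$crt_dir" "$key_dir" || exit 1
        # Copy to a temporary name and rename, so Apache never reads a
        # half-written file and the old read-only copy is replaced cleanly.
        cp -f "$lineage/fullchain.pem" "$crt_dir/$domain.pem.new" || exit 1
        cp -f "$lineage/privkey.pem" "$key_dir/$domain.key.new" || exit 1
        chmod 0400 "$crt_dir/$domain.pem.new" "$key_dir/$domain.key.new" || exit 1
        mv -f "$crt_dir/$domain.pem.new" "$crt_dir/$domain.pem" || exit 1
        mv -f "$key_dir/$domain.key.new" "$key_dir/$domain.key" || exit 1
    ) || return 1
    # Final check: the private key must be readable by its owner only.
    [ "$(mode_of "$key_dir/$domain.key")" = "-r--------" ]
}

# certbot sets RENEWED_LINEAGE (e.g. .../live/domain.com) for deploy hooks.
# Apache is restarted only if the copy and the config test both succeed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" "$(basename "$RENEWED_LINEAGE")" \
        && apachectl configtest \
        && apachectl restart
fi
```

Saved as an executable file in the renewal-hooks/deploy directory under /usr/local/etc/letsencrypt, or passed to certbot with --deploy-hook, it runs after each successful renewal.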