Enable SSL on Apache2 on Ubuntu Linux (addendum)

I’ve been working on setting up a new server that hosts my WordPress site. I ran across a little gotcha that took me quite a while to figure out thus I thought I’d write down my finding so maybe it will help other folks out. I call this an addendum article because there are already many articles about how to create SSL certificates and how to set the certificate configuration in the VirtualHost file.  However, Iafter setting up the VirtualHost file for the web site there is still one critical piece that needs to be done and that is to enable SSL.

I am working on Ubuntu 18.04 LTS. I’ll include my file for this web site at the end so you can see what it looks like.

To completely enable SSL you also have to perform these three steps

Make sure the SSL module is enabled. Run the command

sudo a2enmod ssl

Then the secret that I could not find anywhere except in a comment of someone else’s post. If you don’t have the default-ssl site enabled then even though everything else is set up correctly your SSL still will not work. So run this command.

sudo a2ensite default-ssl

Reboot apache2

sudo systemctl restart apache2.service

Then you should be good to go.

Sometimes the best way to learn is by looking at examples so I include below the virtual host file for this web site. The file is called mikedice.net.conf. The web site always redirects non SSL traffic to SSL

<VirtualHost *:80> 
   ServerName mikedice.net
   ServerAlias www.mikedice.net 
   Redirect permanent / https://mikedice.net/ 
</VirtualHost>

<VirtualHost *:443>
 ServerName mikedice.net
 ServerAlias www.mikedice.net
 ServerAdmin admin@mikedice.net
 DocumentRoot /somelocation/mikedice.net/
        SSLEngine on
        SSLCertificateFile /somelocation/mikedice.net/server.crt
        SSLCertificateKeyFile /somelocation/mikedice.net/server.key
        SSLCACertificateFile /somelocation/mikedice.net/server-ca.crt
        <Directory /somelocation/mikedice.net/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

My enabled sites listing is below. You can see that default-ssl.conf is in the enabled sites directory

mike@ubuntu-server:/etc/apache2/sites-enabled$ ll

total 0

lrwxrwxrwx 1 root root 35 Jun  9 17:19 default-ssl.conf -> ../sites-available/default-ssl.conf

lrwxrwxrwx 1 root root 36 Jun  2 21:55 mikedice.net.conf -> ../sites-available/mikedice.net.conf