How to install Apache Web Server with a Self-Signed SSL Certificate on Linux Ubuntu 20.04 LTS or newer.


In this tutorial, you will learn how to install Apache Web Server with a self-signed SSL certificate on Linux Ubuntu 20.04 LTS or a newer version. HTTPS is an encrypted version of the HTTP protocol used for communication between a web server and a browser. Specifically, HTTPS refers to HTTP over Secure Socket Layer (SSL), where all data transmitted between the browser and the server is encrypted. SSL certificates play a crucial role in establishing trust between a web server and a browser. These certificates are issued by recognized third-party certificate authorities that verify the identity of the web server and its public key. Self-signed certificates are typically used internally within business environments or labs, and they are not signed by a recognized certificate authority. Despite lacking recognition, self-signed certificates provide the same level of encryption as trusted certificates. In this tutorial, we will demonstrate how to generate a self-signed certificate and configure Apache to use it for HTTPS communication.


The following is a list of items needed to complete the setup successfully:
1) An SSH client such as Putty or the MacOS terminal app
2) A server with atleast 4GB RAM, a dual core processor and 50GB of free disk space
3) Linux Ubuntu 20.04 LTS or any newer version
4) Full root access to the server
5) A stable internet connection.


The following is an overview of the steps covered in this tutorial:
1) Open an SSH connection to the Linux Ubuntu Server
2) Download and install Apache Web Server
3) Install openssl and generate a self-signed certificate
4) Configure Apache to use SSL
5) Test the configuration.

Step 1: Open an SSH connection to the Linux Ubuntu Server

The first step is to open an SSH connection to the Linux Ubuntu Server. If you are a Windows user, you can download and install PuTTY from the official website Double-click on the .exe file to launch PuTTY.

To configure the connection, follow these steps:

1. In the “Host Name (or IP address)” field, enter your server’s IP address or hostname.
2. Leave the “Port” field at the default (22) or enter your custom SSH port number.
3. Choose “SSH” as the “Connection type”.
4. You can also save this configuration by clicking on “Save” and giving your session a name for easy access later.

To establish the connection, click on the “Open” button to initiate the SSH connection. If you are a  macOS user, you can use the Terminal app found at  Applications > Utilities. To open an SSH connection, follow these steps:

1. In the Terminal window, type the following command, replacing with your server username and with your server’s IP address or hostname:

ssh username@ip-address-of-ubuntu-server

2. You’ll be prompted to confirm the server fingerprint. Type “yes” to proceed.
3. Enter your server password when prompted.

Step 1: Download and install Apache Web Server

Now that you have successfully opened an SSH connection to your Ubuntu Server, the next step is to download and install the Apache Web Server. You can easily install it by executing the following command:
apt install apache2 -y
When the installation process completes verify apache is running by running the command:
 systemctl status apache2
The command should return output that contains the following details:
apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
   Active: active (running)

Step 2: Install OpenSSL and generate a self-signed certificate.

The next step is installing OpenSSL and generating the self-signed certificate. Run the following command to install OpenSSL:

sudo apt install openssl -y

When the installation completes, generate a private key and a certificate signing request (CSR) using the following command in your terminal:

openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/private/private.key -out /etc/ssl/private/request.csr

When you run this command, you’ll be prompted to provide your certificate information which includes your Common Name, Organization, City, State, and Country. Once you’ve provided this information, the CSR will be generated. After the CSR is generated, you can create the SSL certificate with the following command:

openssl x509 -in /etc/ssl/private/request.csr -out /etc/ssl/private/certificate.crt -req -signkey /etc/ssl/private/private.key -days 365

Once the certificate and key files are generated, you can use them with Apache webserver.

Step 3: Configure Apache to use SSL

After generating the certificate in the previous step, you need to configure Apache to use it. Open the default SSL configuration file for Apache by running the command:

nano /etc/apache2/sites-available/default-ssl.conf

Update the file and ensure it looks like this:

ServerName your-server-ip
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/ssl/private/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key

<filesmatch "\.(cgi|shtml|phtml|php)$"="">
SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

Save the changes made to the file and enable the https virtualhost by running the command:

a2ensite default-ssl.conf

Open the Apache default virtual host configuration file by running the command:

 nano /etc/apache2/sites-available/000-default.conf

In this file, add a redirect directive to point all traffic to the SSL version of the site, as shown below:

ServerName your-server-ip
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Redirect "/" "https://your-server-ip/

After editing and saving the file, the SSL and header modules should be enabled with the following commands:

a2enmod ssl
a2enmod headers

Finally, the Apache service should be reloaded to implement the changes:

systemctl reload apache2

Step 4: Test the configuration

Open a new browser window and enter the URL https://your-server-ip. You’ll be directed to a warning page which is not uncommon. This is due to the fact that the certificate hasn’t been authorized by trusted certificate authorities. 

You can disregard this message and proceed to your host by clicking on “proceed”. The Apache default page will be displayed. In the address bar of your browser, you’ll notice a lock icon with a “not secure” message. Although the certificate hasn’t been validated, it is still securing your connection.


In this tutorial, you’ve learn the steps for installing and configuring Apache web server with a self-signed SSL certificate on Ubuntu 20.04 or newer versions. Remember that self-signed certificates lack verification from trusted authorities and may trigger browser warnings for users accessing your website. For production environments, consider using trusted certificates issued by recognized providers to enhance user trust and website security. We hope that this tutorial has been informative and we’d like to thank you for reading it.

Scroll to Top