Deploy ssl certs to apache server

1. run acme.sh to copy the certificates to the correct location on the disk

1.1) create a sensible directory to store your apache certificates

I chose /etc/apache2/ssl

mkdir -p /etc/apache2/ssl

1.2) run acme.sh

A few notes:

• the parameters are stored in the .acme.sh configuration file, so get it right for your system as this file is read when the cron job runs
• "reloadcmd" is dependent on your operating system, system V Linux systems use the command "service apache2 force-reload", Solaris based systems use "svcadm restart apache2" or similar

acme.sh --install-cert -d online.domain.com \
--cert-file /etc/apache2/ssl/online.domain.com-cert.pem \
--key-file /etc/apache2/ssl/online.domain.com-key.pem \
--fullchain-file /etc/apache2/ssl/fullchain.pem \
--reloadcmd "service apache2 force-reload"

2. Set up your httpd.conf

There are so many ways to do this, it would take a long list to write every variant, however the specific codes you will need to set in your httpd.conf (or ssl.conf, or httpd-ssl.conf) are:

SSLCertificateFile /etc/apache2/ssl/online.domain.com-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/online.domain.com-key.pem
SSLCertificateChainFile "/etc/apache2/ssl/fullchain.pem"

SSLCACertificatePath "/etc/apache2/ssl/"
SSLCACertificateFile "/etc/apache2/ssl/fullchain.pem"

Full sample apache ssl config

<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName online.domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/onlinedomaincom-ssl-error.log
        CustomLog ${APACHE_LOG_DIR}/onlinedomaincom-ssl-access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/online.domain.com-cert.pem
        SSLCertificateKeyFile /etc/apache2/ssl/online.domain.com-key.pem
        SSLCertificateChainFile "/etc/apache2/ssl/fullchain.pem"
        SSLCACertificatePath "/etc/apache2/ssl/"
        SSLCACertificateFile "/etc/apache2/ssl/fullchain.pem"
</VirtualHost>