
The Definitive SSL Certificate Installation Manual

On January 31, I installed SSL on my startup website, Mediography.by. If you want to know how to do this, look no further as this blog post will focus on the actual installation process for an SSL certificate. Then my next blog post will cover configuration issues that should address almost every newbie's problems. So let's get started.

First, a disclaimer. I am no Linux expert, and went through pretty much every error message that anybody could possibly imagine. The good news is that I solved every single one of my own problems, but the bad news is that if you're trying to do something that's not covered here (like installing multiple SSL certificates), I probably don't know the answer. So if you have any questions, make sure they're related to what is covered here. And if you are an expert and think that any of the information here is still incomplete or wrong, please let me know and I will correct it.

For Mediography.by, the SSL certificate was a Comodo PositiveSSL purchased on Black Friday for $0.98 from Namecheap and installed on a DigitalOcean server with CentOS 6.x & Virtualmin that has one IP address shared by multiple websites that were all built with Drupal (unlike the past, you no longer need a dedicated IP address to install an SSL certificate). So if you have a different configuration, you might have to make adjustments accordingly. Here we go.

A) https://www.digitalocean.com/community/questions/how-can-i-install-a-com...

Since I'm on DigitalOcean, this is a good place to start. According to DigitalOcean staff moderator kamaln7, we're supposed to follow some specific steps of instructions in the following two links:

I) https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer... -> Follow steps 1 & 2.

II) https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer... -> Follow steps 2 & 3.

III) https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer... -> Follow steps 4 & 5.

The problem is that you will most likely get lost at some point if you don't really know what you're doing. This is because the steps are technically correct, but are missing some valuable information, which will leave a lot of people scratching their heads. So instead, follow my foolproof guide. I'll show you every single step, including necessary Linux commands for the newbies.

B) https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer...

Follow steps 1 & 2 verbatim as they are correct. Then you're supposed to go to step C below. But before you do that, you need to first go to the directory you just created. To do that, type the following command:

cd /etc/httpd/ssl

Now proceed to step C.

C) https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer...

Here you're supposed to go through just steps 2 & 3. However, the first part of step 2 is incorrect. The number 1024 should be 2048 like the following (or else you will eventually get an error in step D):

sudo openssl genrsa -des3 -out server.key 2048

Now follow the rest of steps 2 & 3. Then you're supposed to go to step F. However, this is where you actually need to activate the SSL certificate you purchased, and then upload it to your server. So proceed to steps D & E first.

D) https://www.namecheap.com/support/knowledgebase/article.aspx/794/67/how-...

Just follow the instructions, and you should be fine. I got my SSL certificate emailed to me from Comodo within a few minutes.

E) Upload the SSL certificate (server.crt) to your server in the /etc/httpd/ssl directory that you created in step B. So in DigitalOcean, you would first log into your server via FTP as root and upload the file to the root directory. Then type the following command in the console to move it to the correct directory:

sudo mv server.crt /etc/httpd/ssl/server.crt
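
Before restarting Apache in step F, it helps to confirm that the uploaded certificate belongs to the key generated in step C, that the key really is 2048 bits, and that only its owner can read it. The script below is an added example, not part of the original tutorial or this post's procedure; the function names and the throwaway sample files are constructed for illustration, so point `check_pair` at /etc/httpd/ssl/server.crt and /etc/httpd/ssl/server.key on a real server.

```shell
#!/bin/sh
# Added example: pre-restart checks for a key/certificate pair.
# Function names and sample files are illustrative, not from the original post.

# Size of the RSA modulus in bits (0 if the key cannot be read).
# A key still protected by the -des3 passphrase will prompt for it here.
key_bits() {
    mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2)
    echo $(( ${#mod} * 4 ))
}

# True when the certificate was issued for this private key
# (both carry the same RSA modulus).
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks: one line per finding, non-zero status on any failure.
check_pair() {
    rc=0
    [ "$(key_bits "$2")" -ge 2048 ] || { echo "key shorter than 2048 bits"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "certificate does not match key"; rc=1; }
    key_is_private "$2" || { echo "key readable by group/others (chmod 600)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

# Constructed sample data: a throwaway self-signed pair standing in for
# server.key and the CA-issued server.crt, plus an unrelated 1024-bit key.
make_sample_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=example.test" \
        -days 1 -out "$1/server.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 1024 2>/dev/null
    chmod 600 "$1/server.key"; chmod 644 "$1/other.key"
}

demo=$(mktemp -d)
make_sample_pair "$demo"
check_pair "$demo/server.crt" "$demo/server.key"           # matching pair
check_pair "$demo/server.crt" "$demo/other.key" || true    # wrong, short, world-readable key
rm -rf "$demo"
```

A "certificate does not match key" result usually means the CSR sent to the CA in step D was generated from a different server.key than the one now on the server.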

F) https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer...

Follow step 4 verbatim as it is correct. But let's take a closer look at step 5. Let's say you type what it says, which is the following command:

/etc/init.d/httpd restart

It'll work as long as you're logged in as root. If not, you will most likely get an error message or two, such as the following:

Stopping httpd: [FAILED]
Starting httpd: Warning: DocumentRoot [/home/yourwebsite/public_html] does not exist
Syntax error on line xxx of /etc/httpd/conf/httpd.conf:
Wrapper /home/yourwebsite/fcgi-bin/php5.fcgi cannot be accessed: (13)Permission denied
[FAILED]

If you're not logged in as root, the correct command should start with "sudo":

sudo /etc/init.d/httpd restart

Here's a screenshot that shows the whole process:

Httpd Restart Error Messages


Also, note the "/" before the "etc". If you forget it, you'll get a "command not found" error. That's how Linux works. You have to get every single character correct, or you'll only be close but no cigar.

And that's it. Good luck!

P.S. My next blog post will focus on various configuration options (especially for servers with one IP address shared by multiple websites), including the following:
* Redirecting http:// to https:// for the website that has the SSL certificate.
* Redirecting https:// to http:// for the rest of your websites on your server. For example, https://jayl.ee kept redirecting to https://mediography.by, so I had to figure out how to redirect it to http://jayl.ee. This caused me some minor headaches.
* How to take care of the infamous "Index of /" problem. This caused me some major headaches.
