With Self-Signed Certificates

In this Lab, we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. Lab session has to be done in the Ubuntu VM.

Install Apache2

Apache is a web server application that is widely used on the internet for more than 20 years, and it is a well-documented piece of Free and Open Source Software managed by the Apache Foundation. (

Before installing, we need to update our repositories.

sudo apt-get update

Once the repo lists are updated run,

sudo apt-get install apache2

When asked, press Y and hit Enter to continue, and the installation will proceed.

Check installed apache version details by issuing,

$ apache2 -v

Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.

Self-Signed Certificate

Use the following command to create the certificate and the key.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt

You will be asked series of questions; answer them carefully.

Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:Kandy
Locality Name (eg, city) []:Peradeniya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
Organizational Unit Name (eg, section) []:IT Team
Common Name (e.g. server FQDN orYOUR name) []:
Email Address []

Once finished, it will create two files in /etc/ssl. Private will be saved as apache_prv.key, and certificate will be saved as apache_crt.crt

Configure apache

let us create virtual host files for the web

sudo nano /etc/apache2/sites-available/lab.conf

Include the following

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
         ServerName <FQDN of your website>
         DocumentRoot /var/www/html
         <Directory /var/www/html>
                  Require all granted
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         SSLEngine on
         SSLCertificateFile      /etc/ssl/certs/apache_crt.crt
         SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
         <FilesMatch "\.(cgi|shtml|phtml|php)$">
                  SSLOptions +StdEnvVars
         <Directory /usr/lib/cgi-bin>
                  SSLOptions +StdEnvVars

Now enable this site and SSL by

sudo a2enmod ssl
sudo a2ensite lab.conf

Try browsing from your host machine https://<IP address of the Ubuntu VM>, and you will be warned about the untrusted connection as it is a self-signed authentication.

HTTPS with Let's Encrypt

Prior to enabling HTTPS via let's encrypt, you need to satisfy the following;

  • You have public IP connectivity.
  • Both HTTP and HTTPS are enabled from firewall/s.
  • HTTP site is working. If you have multiple webserver virtual hosts, make sure the ServerName attribute in every host config file is correctly populated.
  • Proper DNS values are assigned to your IP address.

Follow the guideline from the official certbot. (These steps can change time to time, so always refer the original site.)
Last modified 2 years ago Last modified on Sep 7, 2021, 1:35:16 AM