Link Search Menu Expand Document (external link)

Installing TLS/SSL Certificates in Apache Server


This article assumes that you have experience with Apache 2 and configuring Virtual Hosts in Linux or Windows.

Get the Certificate Files Manually

You can download the files required to install the TLS/SSL certificate in the Apache web server from the RCL Portal on the Certificate Details page.


Get the Certificate Files Automatically

You can also use the RCL CertificateBot to automatically renew and download the files required to install the TLS/SSL certificate in the Apache web server.

The certificate files will be saved on the hosting machine at the path you specified in the appsettings.json configuration file.

Files Required

The files required are :

  • Certificate Private Key (.key)
  • Primary Certificate (.crt)
  • Intermediate Certificates (CA Bundle) (.crt)

Assigning the TLS/SSL certificate to Apache

After you have downloaded the certificate files, the next step is to edit your Apache configuration file to use them.

It is assumed that you have Apache 2 already installed and hosting your website on your server. In addition, you have established your own custom domain name that points to your website.

Ensure the SSL module is enabled in apache.

Linux Command

sudo a2enmod ssl

Windows :

In the httpd.conf file, change the following lines by removing the leading # sign in order to uncomment the lines:

#Loadmodule ssl_module modules/

#LoadModule socache_shmcb_module modules/

#Include conf/extra/httpd-default.conf

Create a Virtual Host

In your server, create a Virtual Host entry or file for your domain under the recommended folder. Use it to enable SSL and include the certificate files as required.

If there is a SSL default template available in your apache server, then use the template to create the Virtual Host.

In Linux, the Virtual Host files are usually located at:


In Windows, the Virtual Host files are usually located at:


Please see the Virtual host example below:

<VirtualHost *:443>

   DocumentRoot /path/to/mysite

# This is the important section   

   SSLEngine on
   SSLCertificateFile	/path/to/primaryCertificate.crt
   SSLCertificateKeyFile /path/to/privateKey.key
   SSLCertificateChainFile /path/to/caBundle.crt

Note : The SSLCertificateChainFile may be named SSLCACertificateFile in some apache installations.

You can modify the names of the files and paths to match the location and filename that you used to save your certificate files:

  • SSLCertificateFile - should be your Primary Certificate file (.crt)
  • SSLCertificateKeyFile - should be the Certificate Private Key file (.key)
  • SSLCertificateChainFile - should be the CA Bundle (Intermediate Certificates) file (.crt)

Ensure the Virtual host is enabled in apache.

Linux example command for ‘mysite.conf’ :

sudo a2ensite mysite.conf

Reload the Apache service once you’re done.

Linux command:

sudo systemctl reload apache2

In Windows, restart the Apache service.

Now you can confirm your domain SSL certificate using any of the SSL checker tools available. Or you can just browse the URL.