How to Install and Renew SSL Certificates on a Linux Server

This article explains how to install and renew SSL certificates on a Linux server using Apache and OpenSSL. SSL encrypts communication between clients and servers, helping protect sensitive data and ensure secure access to hosted applications.

In this guide, we will demonstrate the steps to take on an Ubuntu-based Linux server, but the process is the same on most Linux distributions with minor command variations.

Before proceeding, you must have the following prerequisites:

• A Linux server deployed on Kamatera
• Root or sudo privileges
• Apache web server installed
• Network access to the server IP address

Update the system

Start by updating the system package index.

sudo apt update

This ensures the latest package metadata is available before installing or configuring services.

Install Apache Web Server

If Apache is not already installed, install it using the package manager.

sudo apt install apache2 -y

After installation, verify that Apache is running:

sudo systemctl status apache2

The service should show as active (running).

Verify Apache via browser (HTTP)

Open a web browser and navigate to the server’s IP address:

http://your_server_ip

If Apache is working correctly, the default Apache test page will be displayed.

Generate a Self-Signed SSL Certificate

For testing or internal environments, you can generate a self-signed SSL certificate using OpenSSL.

Run the following command:

sudo openssl req -x509 -nodes -days 365 \

-newkey rsa:2048 \

-keyout /etc/ssl/private/selfsigned.key \

-out /etc/ssl/certs/selfsigned.crt

When prompted, enter the required certificate information.

For Common Name, use the server’s IP address or hostname.

Verify certificate files

Confirm that the certificate and private key were created successfully.

sudo ls -l /etc/ssl/private/selfsigned.key

sudo ls -l /etc/ssl/certs/selfsigned.crt

Note:
Access to /etc/ssl/private is restricted. Permission denied errors are expected unless commands are run with sudo.

Enable SSL Module in Apache

Enable the Apache SSL module:

sudo a2enmod ssl

Restart Apache to apply the change:

sudo systemctl restart apache2

Enable the default SSL site

Apache includes a default SSL virtual host configuration. Enable it using:

sudo a2ensite default-ssl.conf

Restart Apache again:

sudo systemctl restart apache2

Verify Apache status:

sudo systemctl status apache2

Step 8: Test HTTPS Access

Open a browser and navigate to:

https://your_server_ip

Because the certificate is self-signed, the browser will display a security warning.
Proceed past the warning to confirm that the Apache default page loads over HTTPS.

This confirms that SSL is successfully configured.

And that’s it—you’ve now successfully installed and renewed your SSL certificate on Linux, ensuring your server remains secure with trusted HTTPS encryption.