To review the Apache config: (rename 000-default.conf
to whatever yours is set to)
cat /etc/apache2/sites-available/000-default.conf
To create the necessary certificates (you can choose any name you want for the file):
sudo openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Make sure to type the URL or IP of your site (eg localhost
or 127.0.0.1
for the prompt Common Name (e.g. server FQDN or YOUR name) []:.
If this is just for testing, don't password protect anything without a good reason...
Once you have the keys, add this to the Apache config:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
To restart Apache and load new config: sudo systemctl restart apache2
To debug errors: journalctl -xe
If you're getting err_ssl_protocol_error
: a2ensite default-ssl.conf
You may need to copy settings over from 000-default.con
to default-ssl.conf
(stored in the same folder) to get things working the way you had them.
If you are using PHPMyAdmin, You'll likely need to add/toggle the following to its config in /etc/phpmyadmin/config.inc.php
: $cfg['ForceSSL'] = true;