• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » How to Yearly Update SSL/TLS Certificate in Apache2 Server

By Abhishek Ghosh October 2, 2021 6:24 pm Updated on October 2, 2021

How to Yearly Update SSL/TLS Certificate in Apache2 Server

Advertisement

This is an extra guide in addition to configuring Ubuntu server to run Apache2, PHP, MySQL. Instead of Let’s Encrypt, we are using a paid DV SSL certificate. CA browser forum has made it mandatory to yearly replace (read the PDF here) the SSL/TLS certificate to any avoid security breach. So, even a webmaster purchases an SSL/TLS certificate for 2-5 years, the annual work is mandatory. This yearly work is a burden to the webmasters of unmanaged servers. This article will provide you a-kind-of-help to make the workflow smooth and error-free.

We are taking it granted that your site configuration files are kept at :

Vim
1
/etc/apache2/sites-available

and SSL certificates are kept at :

Advertisement

---

Vim
1
/etc/ssl/private

If you have followed our guides to install and configure WordPress, then your Apache2 site configuration file will have the below lines:

Vim
1
2
3
4
5
...
SSLCertificateFile /etc/ssl/private/public2022.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/private/intermediate2022.crt
...

How to Yearly Update SSL TLS Certificate in Apache2 Server
 

Step one : Click to start the renewal process in browser

 

This should be the first step every year when you’ll renew the certificate. We will suggest starting the process at least a week before the expiration. You’ll receive one email to confirm/allow the renewal/reissue, and another email will have three certificates in .crt format – one certificate is for your domain, and another is an intermediate certificate. We will not need the third certificate (root certificate).

You can not order till you reach the next step since you’ll need the .csr file again. In the case of a commercial setup, changing the private key and CSR is practical. This much security is not required for an ordinary personal website i.e. you can re-use the old private key and old CSR key. Remember that this is not recommended by the security experts but it saves time for low-risk servers. So, you are just copy-pasting the .csr file to obtain the new certificate.

 

Step two : SSH and navigate to the location of the SSL certificate files

 

cd to the location where you have kept your SSL certificates:

Vim
1
cd /etc/ssl/private/

Keep the old and new certificates in a meaningful, organized manner in this directory. I usually keep the certificates in this way:

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
4096 Oct  2 08:05 .
4096 Nov 25  2018 ..
1102 Aug  5  2018 2018.csr
769 May 28  2017 dhparams_4096.pem
1724 Jun  7  2017 inter.crt
1692 Aug  5  2018 intermediate2018.crt
1688 Sep  3  2018 intermediate2020.crt
1903 Sep  5  2020 intermediate2021.crt
1905 Oct  2 08:05 intermediate2022.crt
1733 May 28  2017 intermediate.crt
1724 Jun  7  2017 inter.pem
1704 May 28  2017 private.key
2097 Aug  5  2018 public2018.crt
2253 Sep  3  2018 public2020.crt
2229 Sep  5  2020 public2021.crt
2376 Oct  2 08:04 public2022.crt
2270 May 28  2017 public.crt
1444 Jun  7  2017 root.crt
3168 Jun  7  2017 root-intermediate.crt
3168 Jun  7  2017 root-intermediate.pem
1444 Jun  7  2017 root.pem
1704 May 28  2017 ssl-cert-snakeoil.key
5030 Aug  5  2018 test-intermediate.pem

 

Step three : Create empty files and paste the content of each certificate

 

If you are using Microsoft Windows and Ubuntu Bash to SSH to the server, then you can easily copy-paste the content of the browser/computer to the SSH screen.

Vim
1
2
3
4
nano public2023.crt
# paste the content
nano intermediate2023.crt
# paste the content

 

Step four : Edit the Apache2 configuration file

 

You have to edit the file names in the site configuration file, in our example, the configuration files are located at /etc/apache2/sites-available, you’ll need to change only two lines, you do not need to change the private key:

Vim
1
2
3
4
5
...
SSLCertificateFile /etc/ssl/private/public2022.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/private/intermediate2022.crt
...

Run a config test :

Vim
1
apachectl -t

and restart Apache:

Vim
1
service apache2 restart

and finally reboot the instance:

Vim
1
reboot

A reboot will erase any caching by the running operating system. Remember to do the above steps for your www sub-domain as well (when you are using a naked domain like us).

 

Step five : Test

 

Load your website and check the expiry date. We need to check the certificate chain and formally run a full test:

Vim
1
2
3
4
5
6
7
8
https://www.geocerts.com/ssl-checker
https://www.thesslstore.com/ssltools/ssl-checker.php
https://www.sslshopper.com/ssl-checker.html
https://observatory.mozilla.org/
https://gf.dev/tls-scanner
https://www.wormly.com/test_ssl
https://www.ssllabs.com/ssltest/
https://tls.imirhil.fr/

You have to do this every year, so if you have not kept things easy, make it easy to remember now.

This Article Has Been Shared 653 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Yearly Update SSL/TLS Certificate in Apache2 Server

  • How To Set Up rsnapshot For Backup Of WordPress on Cloud Server/VPS

    rsnapshot Once Set, Can Automatically Incrementally Backup. Here is How To Set Up rsnapshot For Backup Of WordPress on Cloud Server/VPS.

  • How to Automatically Redirect Subdirectory to Domain (Apache 2.4)

    Here is How to Automatically Redirect Subdirectory to Domain With Apache 2.4 So That Wildcard Pattern Will Not Need Manual Configuration.

  • MongoDB versus MySQL

    MySQL is the most popular relational database which is free to use. Typically, MongoDB is for different type of applications to meet today’s need.

  • How to Install Apache Druid (Single Server)

    Apache Druid is an analytics database which can used to build data warehouse. Here is How to Install Apache Druid.

  • Review of Stellar Repair for MS SQL Database

    MS SQL Server is a commonly used server software for medium and large-sized enterprises for their database storage and analysis requirements. MS SQL Express and Developer editions are free while the major server edition costs a $530 license fee. Despite the higher cost. There is widespread adoption of SQL database because of the growing application […]

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Projector Screen Basics February 6, 2023
  • What is Configuration Management February 5, 2023
  • What is ChatGPT? February 3, 2023
  • Zebronics Pixaplay 16 : Entry Level Movie Projector Review February 2, 2023
  • What is Voice User Interface (VUI) January 31, 2023

About This Article

Cite this article as: Abhishek Ghosh, "How to Yearly Update SSL/TLS Certificate in Apache2 Server," in The Customize Windows, October 2, 2021, February 6, 2023, https://thecustomizewindows.com/2021/10/how-to-yearly-update-ssl-tls-certificate-in-apache2-server/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT