Installing GoDaddy SSL on an EC2 Ubuntu Instance in AWS

If you have sensitive data on your site, you may want to install an SSL Certificate to make it more secure. Here is a brief tutorial being on AWS EC2 Ubuntu instance on how to set it up.

My server settings are Apache2 and Ubuntu 16.x

1. Login to ssh/terminal on your server

2. Enable SSL for WebServer(Apache2)

sudo a2enmod ssl

3. Create the server SSL Key

sudo bash

On Ubuntu this changes you to the root user as you cannot access the directory on the next step.

cd /etc/ssl/private
openssl genrsa -des3 -out myserver.com.key 2048

Make sure its 2048 and not 1024 bit as this would be required later on GoDaddy.

Enter keyphrase

5. Create the CSR (Certificate Service Request) to be entered on GoDaddy

openssl req -new -key myserver.com.key -out myserver.com.csr

Upon enter it will ask you for several things but make sure that under Common Name you put your website url (myserver.com). (GoDaddy will throw an error if it is not a correct website)

6. View the CSR and Copy. Paste it later to your GoDaddy SSL Certificate Management

7. On GoDaddy SSL Certificate Management make a Request and choose Third Party, Web Server no Control Panel. And Paste the CSR code.

a. Upon Submit you would get the approval. It would check that your domain registry and administrative contacts to verify.

b. If it cannot be verified via the domain registry, you will be emailed a code that you need to create as a file and upload to your server instead.

8. Install your certificate gd_bundle.crt and myserver.com.crt to your server. Upload them to the server and install. Back to shell

mv gd_bundle.crt /etc/ssl/gd_bundle.crt
mv myserver.com.crt /etc/ssl/certs/myserver.com.crt

9. Edit the default Apache2 values at /etc/apache2/sites-available/default. Create a new virtualhost

NameVirtualHost *:443
DocumentRoot /var/www/
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/myserver.com.crt
SSLCertificateKeyFile /etc/ssl/private/myserver.com.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt

10. Make sure Apache2 to listen on port 443, edit the /etc/apache2/ports.conf

Under

Listen 443

10. Restart Apache

/etc/init.d/apache2 restart

If all went well you should be able to access https
For EC2 make sure Port 443 is enabled as well on the AWS Console

11. Then to force redirect users to https create an htaccess file and upload to your root www folder

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.myserver.com/$1 [R,L]