Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
All you have done is generate the certificates, you need to configure your Apache site now with the SSL certificates and a redirect from port 80 to port 443.
I am going offline now, South Africa and it’s closing in on 6pm for me so time to down tools. Here’s an example that may help you. And of course once you modify your vhost remember to restart apache.
# SSL CONFIG PORT 443
# ###################
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName mydomain.com www.mydomain.com
ServerAdmin webmaster@mydomain.com
RewriteEngine On
DocumentRoot /var/www/html/mydomain.com
LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Set the HTTP Strict Transport Security (HSTS) header to guarantee
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Prevent clickjacking
Header set X-Frame-Options "SAMEORIGIN"
# Prevent mime based attacks
Header set X-Content-Type-Options "nosniff"
<Directory "/var/www/html">
AllowOverride All
Options FollowSymLinks
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem
<Directory "/var/www/html">
SSLOptions +StdEnvVars
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
# PORT 80 CONFIG
# ##############
<VirtualHost *:80>
ServerName mydomain.com www.mydomain.com
ServerAdmin webmaster@mydomain.com
DocumentRoot /var/www/html/mydomain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
the challange i am on a shared host server that has SNI i dont have root access and i dont think i can acess the config files or restart the server
cant i configure it without a restart required?
You can’t. This is an inherently administrative operation which an individual shared hosting user can’t do without the host’s permission.
Your certificate just says that you’ve proven to a certificate authority that you control the domain name, and that you use a certain encryption key. However, that’s separate from making your web server serve your site via HTTPS, which only the host has the power to do. The host would need to use the certificate as part of this configuration in order to prevent users from getting security errors in their browser when they access the site, but the certificate doesn’t somehow force your host to serve your site in HTTPS, nor allow you to do so without the host’s assistance.
You could switch hosts or plans, or double-check whether you have a control panel interface that allows you to upload third-party certificates (which some hosts offer, but definitely not all).