Use Openssl to generate CSR and private key and securely store them at your home directory
cd ~
openssl req -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
When prompted, the most important field is Common Name (e.g. server FQDN or YOUR name) []:
For single site use your FQDN like domain.com or www.domain.com
For wildcard use *.domain.com
The .csr file is what we need to send to CA for SSL Cert REQUEST
cat domain.com.csr
After getting commercial Certificate,
Name certifiate with domain.crt extension
Name intermediate certifiate with domain.intermediate.crt extension
Copy your existing virtualhost conf listening on port 80
sudo cp /etc/apache2/sites-available/your.domain.com.conf /etc/apache2/sites-available/your.domain.443.com.conf
Redirect traffic from 80 to 443 (always use ssl)
sudo nano /etc/apache2/sites-available/your.domain.com.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
Install Certificate on your.domain.443.com.conf
sudo nano /etc/apache2/sites-available/your.domain.443.com.conf
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /home/userx/domain.com.crt
SSLCertificateKeyFile /home/userx/domain.com.key
Finally enable SSL and your.domain.443.conf
sudo a2enmod ssl
sudo a2ensite your.domain.443.conf
sudo service apache2 restart