Install SSL Certificate Apache Debian 7

Apache Server, Apache2 mod_rewrite module and OpenSSL has been installed by default on Debian 7

Check OpenSSL  version

#openssl version

OpenSSL 1.0.1t  3 May 2016

Create SSL directory

#mkdir -p /etc/apache2/ssl
#cd /etc/apache2/ssl

Generate a pair of private key and public Certificate Signing Request (CSR)

#openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out myserver.csr

*** change myserver with domain name (

This creates a two files, myserver.key and myserver.csr. Enter details into your CSR, let the challenge password empty

Generating a 2048 bit RSA private key
writing new private key to ''
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:New South Wales
Locality Name (eg, city) []:Sydney
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Pty Ltd
Organizational Unit Name (eg, section) []:Web SSL Security
Common Name (e.g. server FQDN or YOUR name) []
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

#ls -la /etc/apache2/ssl
-rw-r--r-- 1 root root 1123 Nov 18 18:23
-rw-r--r-- 1 root root 1704 Nov 18 18:23

To create CRT and CA Bundle file log in to website where you buy the SSL Cert, vim and paste to their form to generate both CRT and CA Bundle files

Vim, paste to the panel where we buy the SSL Cert to generate CRT file. Follow their step then wait around 5 minutes for activation, with an email from Comodo Security Services  including Cert, CA file on attachment, once received, then download all the Cert, CA files then upload to your server at directory /etc/apache2/ssl.

cd /etc/apache2/ssl

Upload all the Cert, CA files to directory /etc/apache2/ssl above

Replace every of “AllowOverride None” with “AllowOverride all”, then insert SSL configuration to default-ssl

SKIP and jump to the SSL test on Qualys SSL Labs Rating A Configuration
Below instruction are outdated, better move to the SSL test Qualys Labs Configuration

#vim /etc/apache2/sites-available/default-ssl
SSLEngine on

#take from

SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv2 -SSLv3
SSLHonorCipherOrder On


SSLProxyProtocol +TLSv1.2 -SSLv2 -SSLv3

SSLCertificateFile /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/
SSLCertificateChainFile /etc/apache2/ssl/

Enable SSL Module

Ensure that the Apache SSL module is enabled, and enable default-ssl configuration:
‘default-ssl’ can be replaced by the real site name you set up in /etc/apache2/sites-available/

#cd /etc/apache2/ssl

Enable SSL

#a2enmod ssl

Disable SSL

#a2dismod ssl

Apply SSL Module to Site

#a2ensite default-ssl

Disable SSL Module to Site

#a2dissite default-ssl

To activate the new configuration, you need to run:

#service apache2 reload


Debian 8 Install PHP5 Mariadb-Server Apache

Update and Upgrade the system then error occurred

#apt update -y && apt dist-upgrade -y
E: Release file for is expired (invalid since 487d 11h 2min 2s). Updates for this repository will not be applied

Solutions: Add this to the command: -o Acquire::Check-Valid-Until=false

#sudo apt-get -o Acquire::Check-Valid-Until=false update
#sudo apt-get -o Acquire::Check-Valid-Until=false dist-upgrade
#apt-get install -y software-properties-common

Then Reboot

Install the Apache2, Mariadb-Server, PHP5

#apt-get install apache2

Enable and load mod_rewrite Apache2 on Debian 8

#a2enmod rewrite

Then open and edit /etc/apache2/apache2.conf find

Options Indexes FollowSymLinks
AllowOverride All
Require all granted

Replace “AllowOverride None” to “AllowOverride all”

Enable Apache2 mod_headers & mod_expires on

To increase PageSpeed: Leverage browser caching.

enable mod_headers:

#a2enmod headers

enable mod_expires:

#a2enmod expires

Then restart Apache server to make these changes effective

#service apache2 restart

Install PHP 5

#apt-get install php5 && apt-get install php-pear && apt-get install php5-mysql && apt-get install php5-gd

If success then next install Mariadb-Server, if error below occurred, please follow instruction as follows;

Package php5 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'php5' has no installation candidate

Execute the following commands to install the required packages, then import packages signing key. After that configure PPA for the PHP packages

#apt install ca-certificates apt-transport-https
#wget -q -O- | apt-key add -
#echo "deb stretch main" | tee /etc/apt/sources.list.d/php.list

Installing PHP 5.6

Execute the following commands for installing PHP 5.6

#apt update
#apt install php5.6
#apt-get install php5.6-cli php5.6-common php5.6-curl php5.6-mbstring php5.6-mysql php5.6-xml php5.6-gd

Finish up by restarting apache:

#service apache2 restart

Test the php working or not

Create new php file at /var/www/html

#vim info.php


<?php phpinfo(); ?>

Open browser http://localhost/info.php

Install Mariadb-Server

#apt-get install mariadb-server