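Installing an SSL/TLS Certificate on Ubuntu

Installing the certificate for Apache2

After you receive the certificate, copy it to a secure location on the server.

Next, edit the Apache2 SSL configuration file and add the certificate details.

On Ubuntu, run the following command to open the default SSL file.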

sudo nano /etc/apache2/sites-available/default-ssl.conf

Then make the changes shown below.

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/html
                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf
                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on
                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/certs/ssl/your_domain_name.crt
                SSLCertificateKeyFile /etc/certs/ssl/your_private.key
                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convenience.
                SSLCertificateChainFile /etc/certs/ssl/CAChain.crt
                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one

        </VirtualHost>
</IfModule>

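Adjust the file names and paths to match your certificate files:

  • SSLCertificateFile should be the certificate file issued by the CA (for example, your_domain_name.crt).
  • SSLCertificateKeyFile should be the server key file generated when the CSR was created.
  • SSLCertificateChainFile should be the intermediate certificate file issued by the CA (your_ca.crt).

In some cases, we may not need to add the CA chain or intermediate certificate.

After installing the certificate, run the command below to enable the Apache2 SSL VirtualHost.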

sudo a2ensite default-ssl.conf

Finally, run the following command to restart Apache2.

sudo systemctl restart apache2
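
The following pre-flight check is an added example, not part of the original article: before Apache2 is restarted, it confirms that the private key is accessible only to its owner, that the certificate's public key matches that key, and that the certificate has not expired. The function names and the owner-only permission policy are assumptions of this example; pass it the paths used for SSLCertificateFile and SSLCertificateKeyFile.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in default-ssl.conf.
# Function names and the owner-only key policy are assumptions of this example.

# Succeeds only if the key file grants no access to group or others (e.g. 600 or 400).
key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeeds only if the certificate and the private key carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate's notAfter date is still in the future.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs every check, reports each failure, and returns non-zero if any failed.
preflight() {
    rc=0
    key_perms_ok "$2"          || { echo "FAIL: $2 is accessible to group/others" >&2; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2" >&2; rc=1; }
    cert_not_expired "$1"      || { echo "FAIL: $1 has expired or is unreadable" >&2; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh /etc/certs/ssl/your_domain_name.crt /etc/certs/ssl/your_private.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "OK: certificate and key are ready"
fi
```

A mismatched key or an unreadable file otherwise only shows up as a failed restart, so run this check first and fix any reported FAIL line before restarting Apache2.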
Date: 2020-07-07 20:57:15  Source: oir  Author: oir