Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
In Apache HTTP , Nginx and Security Last updated: October 29, 2022
Share on:
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Let’s look into getting a FREE SSL/TLS certificate from ZeroSSL and implement it in Apache and Nginx web servers.


You might have heard a lot about the term like HTTP and HTTPS. In the early days, a protocol was defined, which was named as HyperText Transfer Protocol(HTTP). It is a way to communicate from browser to web server. When this communication happens, the data traveling on an HTTP protocol, just travel in the clear text formats. Due to this, it has been realized that the HTTP communication is not secure, and hackers were able to attack and intercept the important and sensitive messages.

To solve this issue, the HTTPS protocol came into the picture. It is a secure protocol, and acronym stands for HyperText Transfer Protocol Secure. It simply makes encryption to the data when the communication happens, and data travels from the web browser to the webserver. So that if any hacker picks up that information, it’s all encrypted.

How do HTTPS works?

The HTTPS protocol works on either of the two things, that is SSL(Secure Socket Layer) or TLS(Transport Layer Security). Both tools use PKI(Public Key Infrastructure). PKI, in turns, uses two key, ie. public and private keys. Anything which is encrypted using the public key can be decrypted using the private key and vice versa.

When we install an SSL/TLS certificate on our website, the ‘data encryption’ feature gets enabled. SSL is used as a checkpoint to guarantee the security of the data that is being exchanged over the Internet between the user’s browser and the website server.

Getting ZeroSSL certificate

ZeroSSL is a certificate authority (CA) that makes the thing very easy for everyone to install a certificate to make the website secure. You can get up to 3 certificates with 90 days validity in free.

Zero SSL

  • Sign up with ZeroSSL
  • After logging in, the below page will appear. Click on ‘New Certificate.’

  • Enter the URL you want to secure and click on the ‘Next Step.

  • Select 90-day certificate and Next

  • Let’s proceed with the auto-generate CSR option

  • Proceed with the “Free” plan

Next, you’ll need to verify the domain ownership. There are a few options.

  • DNS – if you can add a DNS record entry
  • Email – if you can receive the email to
  • File Upload – if you can upload a file on the root of the domain

Choose what works for you. I’ll proceed with DNS entry.

  • I’ve added the CNAME and ready to verify domain.

  • Finally, once verified, the SSL certificate is ready to download.

Here is my downloaded certificates.

Its time to implement it.

Implementing on Apache

The following, I will install Apache on Ubuntu.

Login to server and install using apt-get command.

sudo apt-get install apache2

Let’s find out if Apache is running using systemctl command.

root@geekflare-lab:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
   Active: active (running) since Sat 2020-05-23 16:15:56 UTC; 3s ago
  Process: 7852 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 14179 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 14196 (apache2)
    Tasks: 55 (limit: 2362)
   CGroup: /system.slice/apache2.service
           ├─14196 /usr/sbin/apache2 -k start
           ├─14199 /usr/sbin/apache2 -k start
           └─14200 /usr/sbin/apache2 -k start

May 23 16:15:56 geekflare-lab systemd[1]: Starting The Apache HTTP Server...
May 23 16:15:56 geekflare-lab apachectl[14179]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'Serve
May 23 16:15:56 geekflare-lab systemd[1]: Started The Apache HTTP Server.

Great, it is running.

My domain ( is already pointing to this Apache server.

But as you can see, it is not secured, and therefore, we will be configuring the certificate which we got from ZeroSSL.

  • Let’s create a directory called sslCA under /etc to store the certificate files.
cd /etc
mkdir sslCA
  • Transfer the files to the newly created folder on the server
root@geekflare-lab:/etc/sslCA# ll
total 20
drwxr-xr-x  2 root root 4096 May 18 12:13 ./
drwxr-xr-x 92 root root 4096 May 22 06:07 ../
-rw-r--r--  1 root root 2430 May 18 05:37 ca_bundle.crt
-rw-r--r--  1 root root 2292 May 18 05:37 certificate.crt
-rw-r--r--  1 root root 1702 May 18 05:37 private.key
  • Enable SSL module
sudo a2enmod SSL
  • We will have to restart the webserver so that the changes can be recognized.
sudo service apache2 restart
  • The next step is to configure the certificate files on the Apache SSL config file.
cd /etc/apache2/mods-available
  • The name of the file is ssl.conf. We need to add the following in <VirtualHost directive.
<VirtualHost _default_:443>         
SSLEngine on                 
SSLCertificateFile /etc/SSLCA/certificate.crt                 
SSLCertificateKeyFile /etc/SSLCA/private.key                 
SSLCertificateChainFile /etc/SSLCA/ca_bundle.crt
  • Save the file and exit :wq!

After performing the restart, the SSL will get enable on the site. Let’s access the site using https://

And, as you can see, “Connection is Sure”. It means that our SSL certificate has been successfully applied to our webserver.

Implementing on Nginx

Nginx is located in Ubuntu’s default repositories, so it’s possible to install it from here using the appropriate packaging system.

  • The below command is used for installing the “Nginx”.
sudo apt install nginx
  • After installation gets success, we can start the Nginx using the below command.
systemctl start nginx
  • Check the status of Nginx.
root@geekflare-lab:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-05-19 06:54:00 UTC; 4 days ago
     Docs: man:nginx(8)
  Process: 8634 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/ (code=exited, status=0/SUCCESS)
  Process: 8661 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 8653 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 8664 (nginx)
    Tasks: 2 (limit: 2362)
   CGroup: /system.slice/nginx.service
           ├─8664 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─8707 nginx: worker process

May 19 06:54:00 geekflare-lab systemd[1]: Starting A high performance web server and a reverse proxy server...
May 19 06:54:00 geekflare-lab systemd[1]: nginx.service: Failed to parse PID from file /run/ Invalid argument
May 19 06:54:00 geekflare-lab systemd[1]: Started A high performance web server and a reverse proxy server.
  • As expected, the browser will show the warning as a connection to this site is not secure.

Let’s quickly implement the cert to make the site secure using HTTPS.

  • Let’s create file at /etc/nginx/conf.d location. The file content will look like the below.
server {     
listen              443 SSL default_server;     
listen              [::]:443 SSL default_server ;     
root                /var/www/html;     
  • Now it’s required to add a certificate filename in nginx.conf file which is located in “/etc/nginx” directory.
  • Add the following in http directive
ssl_certificate /etc/sslCA/certificate.crt; 
ssl_certificate_key /etc/sslCA/private.key;

  • Restart Nginx to verify the changes
systemctl restart nginx

And here we go.

Interested in learning Nginx? Check out this fundamentals course.

Testing SSL/TLS Configuration

The default configuration may be vulnerable, and I strongly suggest testing your site after implementing the certificate. There are a number of online tools you can check out here.


I hope this gives you an idea of getting a certificate from ZeroSSL and implementing it in two most popular web servers.

  • Asad Ali
Thanks to our Sponsors
More great readings on Apache HTTP
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.
    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder