Installing SSL Certificates for PHP in Ubuntu
To configure SSL certificates for PHP in Ubuntu, you need to install a web server (Nginx or Apache), obtain an SSL certificate (e.g., via Let’s Encrypt), configure the web server to use HTTPS, and ensure PHP is set up to handle secure connections. Below are step-by-step guides for both Nginx and Apache.
You need a web server to handle HTTPS requests. The most common choices are Nginx and Apache.
Update your package list and install Nginx:
sudo apt update
sudo apt install nginx
Update your package list and install Apache:
sudo apt update
sudo apt install apache2
Enable the SSL module (required for HTTPS):
sudo a2enmod ssl
sudo systemctl restart apache2
Use Certbot (a free tool) to obtain an SSL certificate from Let’s Encrypt. Certbot automates the process of obtaining and installing certificates.
For Nginx:
sudo apt install certbot python3-certbot-nginx
For Apache:
sudo apt install certbot python3-certbot-apache
For Nginx, run:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
For Apache, run:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
Replace yourdomain.com with your actual domain. Certbot will automatically configure your web server to use the SSL certificate and redirect HTTP traffic to HTTPS.
Ensure your web server is set up to use the SSL certificate files provided by Certbot.
Edit your Nginx site configuration file (located in /etc/nginx/sites-available/yourdomain.com). Update the HTTPS server block to include the certificate paths:
server {
listen 443 ssl;
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/html;
index index.php index.html index.htm;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # Adjust for your PHP version
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
try_files $uri $uri/ =404;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}
Test the Nginx configuration for syntax errors:
sudo nginx -t
Restart Nginx to apply changes:
sudo systemctl restart nginx
Edit your Apache site configuration file (located in /etc/apache2/sites-available/yourdomain.com.conf). Ensure the <VirtualHost *:443> block includes the SSL directives:
<VirtualHost *:443>
ServerName yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem # Optional but recommended
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the site and restart Apache:
sudo a2ensite yourdomain.com.conf
sudo systemctl restart apache2
PHP does not require direct SSL configuration for basic HTTPS functionality, but you should ensure it allows URL operations and uses the correct CA bundle for secure connections.
For PHP running as an Apache module (libapache2-mod-php), edit:
sudo nano /etc/php/7.4/apache2/php.ini
For PHP-FPM (common with Nginx), edit:
sudo nano /etc/php/7.4/fpm/php.ini
Adjust the following settings (replace 7.4 with your PHP version):
allow_url_fopen = On
allow_url_include = On
openssl.cafile = /etc/ssl/certs/ca-certificates.crt # Path to your system's CA bundle
Save the file and restart the PHP service:
# For PHP-FPM
sudo systemctl restart php7.4-fpm
# For Apache + PHP module
sudo systemctl restart apache2
Check that your site loads over HTTPS with a valid certificate:
https://yourdomain.com. You should see a lock icon in the address bar.Certbot automatically sets up a cron job to renew certificates. To test the renewal process manually:
sudo certbot renew --dry-run
If no errors occur, your certificates will renew automatically before expiration.
By following these steps, you can successfully install and configure an SSL certificate for PHP in Ubuntu, ensuring your PHP applications are served securely over HTTPS.