You are here: Home / Debian GNU/Linux / Servers / Apache 2 / Enable the HTTPS protocol with Apache 2 on Debian

Enable the HTTPS protocol with Apache 2 on Debian

by Pierre-Yves Landuré last modified Oct 29, 2017 11:58

This howto ease the activation of HTTPS with Apache 2.

This howto is tested on :

  • Debian 5.0 Lenny
  • Debian 6.0 Squeeze
  • Debian 7.0 Wheezy


This howto needs :

This howto recommands :


Provide the HTTPS connection network interface name :



Detect the IP address of the network interface (use it later to create virtual hosts) :

SSL_IP="$(command ifconfig "${SSL_NET}" \
  | command grep 'inet ' \
| command sed -e 's/^.*inet [^:]*:\([^ ]*\) .*$/\1/')"

Setup the server to listen on port 443 :

if [ -z "$(command grep 'Listen.*443' '/etc/apache2/ports.conf')" ]; then
command echo "# Listen on the HTTPS port if the needed module is available.
<IfModule mod_ssl.c>
  Listen 443
</IfModule>" >> '/etc/apache2/ports.conf'

Enable the VirtualHost naming for the network interface :

if [ -z "$(command grep "NameVirtualHost.*${SSL_IP}:443" '/etc/apache2/ports.conf')" ]; then
  command sed -i -e "/Listen[\t ]*443/a\\
    NameVirtualHost ${SSL_IP}:443" '/etc/apache2/ports.conf'

Enable the SSL module :

command a2enmod ssl

Reload the server configuration :

/etc/init.d/apache2 force-reload


Any HTTPS host needs the creation of a valid SSL certificate for its domain name, as described by Create a SSL / TLS certificate on Debian.

Create a HTTPS virtual host with the --ssl option having for argument the name of the choosen SSL certificate (generaly, the domain name of the web site) :

# command a2tools --ssl='' '' '/opt/'

If the choosen certificate is a wildcard valid for all sub-domains, use:

# command a2tools --ssl='*' '" '/opt/'

A missing functionnality from Internet Explorer 6 to 8 on Windows XP limits to one SSL certificate by IP address. To host many sub-domains on a same server, the use of wildcard certificates (ie. "*") is recommanded.

To host several domains on one server without errors on Internet Explorer ,use the option --bind-ip to specify the IP address linked to the choosen SSL certificate. If you own a OVH server, assign a failover IP to the server.