Setup SSL on a Raspberry Pi in 2 minutes

UPDATE: Lets Encypt have an auto install bot and it’s a signed certificate, meaning no warning!


Granted this is a self signed certificate and not one from an issuing authority, but for most domestic uses it’s fine.

Make a directory called ssl

Code: Select all

sudo mkdir /etc/apache2/ssl

Create the certificate

Code: Select all

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

for the domain name I used my domain, and that’s fine, but it has to be a domain name and not an IP.

Here’s my ouput

Generating a 2048 bit RSA private key
writing new private key to ‘/etc/apache2/ssl/server1.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:Yorkshire!
Locality Name (eg, city) []:Home
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dazbobaby inc.
Organizational Unit Name (eg, section) []:Admin
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

Install the SSL mod for Apache2

Code: Select all

sudo a2enmod ssl

Restart Apache:

Code: Select all

sudo service apache2 restart

Create a file and symbolic link to the sites-enabled and sites-default folders

Code: Select all

sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

Edit the file.

Code: Select all

sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf

Insert these two lines before </VirtualHost>

Code: Select all

SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Now browse to your site with HTTPS:// and accept the new security certificate

Source: … 5-minutes/

Setup redirection from port 80 (insecure) to 443
Edit /etc/apache2/sites-enabled.conf
Add this:

Code: Select all

<VirtualHost *:80>
   Redirect permanent /

Restart apache

About The Bionic Cyclist

Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.

This website.
View All Posts

Dylan Thomas, 1914 - 1953

Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.

Though wise men at their end know dark is right,
Because their words had forked no lightning they
Do not go gentle into that good night.

Good men, the last wave by, crying how bright
Their frail deeds might have danced in a green bay,
Rage, rage against the dying of the light.

Wild men who caught and sang the sun in flight,
And learn, too late, they grieved it on its way,
Do not go gentle into that good night.

Grave men, near death, who see with blinding sight
Blind eyes could blaze like meteors and be gay,
Rage, rage against the dying of the light.

And you, my father, there on the sad height,
Curse, bless, me now with your fierce tears, I pray.
Do not go gentle into that good night.
Rage, rage against the dying of the light.

13 thoughts on “Setup SSL on a Raspberry Pi in 2 minutes

  1. Pingback: Install Nextcloud cloud server on a Raspberry Pi – The Bionic Cyclist E-Bike Rider

  2. Pingback: In the Wake of WannaCry, how to be secure? – The Bionic Cyclist E-Bike Rider

  3. Hello my Name is Ferry,

    So i was following your instruction to enable SSL in my raspberry pi. it was working fine but there i can see that the https: getting strike-through with red words.

    Here is the error message :
    Your connection is not private

    Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn more

    Expires on: Oct 22, 2020
    Current date: Oct 23, 2017
    PEM encoded chain:
    A lot of words

    Thank you.

    • This is normal as your certificate is self signed, to a member of the public it’s a little warning that the site doesn’t have a signed Certificate Authority, but all http traffic is still secure.
      To get a CA to issue a legit cert is a fair bit more complicated, but still doable.

      Take a look at for a free signed certificate.

      • Thank you for your fast response! This really help me a lot. I just installed this for 4 mins in my raspberry and its working like charms.
        No more red lines in my domain anymore.

        Actually I’m building my own website, the website is quite simple admin can create order and later system will generate order number.

        Since i have raspberry pi, I want to host the website and I stop at the secure site. I afraid about the security and also someone might be able to hack into my system.
        That’s why I’m here, your explanation is easy to understand and i learn a lot.

        Thank you.

  4. Hi, thanks much for this excellent tuto! For me, only one point missed:
    At the end (before the last server restart) I had to execute the following line to activate the redirect module
    sudo a2enmod rewrite

Leave a comment

Your e-mail address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.