Description: This step-by-step guide shows how to manually install a custom SSL certificate on your VPS using Apache or Nginx. Learn how to upload your certificate files, configure your web server, and enable HTTPS manually.
How to Install a Custom SSL Certificate on Your VPS (Apache & Nginx Guide)
If you’ve purchased an SSL certificate from a Certificate Authority (CA) like DigiCert, Namecheap, or GoDaddy, you’ll need to install it manually on your VPS. This guide walks you through the whole process.
🔹 Step 1: Prerequisites
Make sure you have the following:
- A VPS with Apache or Nginx installed
- A domain name pointing to your VPS (via A records)
- Your certificate files, usually:
your_domain.crt (SSL certificate)your_domain.key (Private key)ca_bundle.crt or intermediate.crt (Certificate chain)
Upload these to your VPS using scp, SFTP, or your preferred method.
Example upload path:
/etc/ssl/exampledomain/
🔹 Step 2: Apache SSL Configuration
Let’s say you’re using Apache on Ubuntu.
2.1: Place Your Files
Create a directory and move your certs there:
bash
sudo mkdir -p /etc/ssl/exampledomain
sudo mv your_domain.crt /etc/ssl/exampledomain/
sudo mv your_domain.key /etc/ssl/exampledomain/
sudo mv ca_bundle.crt /etc/ssl/exampledomain/
2.2: Create or Edit the SSL Virtual Host
bash
sudo nano /etc/apache2/sites-available/exampledomain-ssl.conf
Paste:
apache
<VirtualHost *:443>
ServerAdmin webmaster@exampledomain.com
ServerName exampledomain.com
ServerAlias www.exampledomain.com
DocumentRoot /var/www/exampledomain.com
SSLEngine on
SSLCertificateFile /etc/ssl/exampledomain/your_domain.crt
SSLCertificateKeyFile /etc/ssl/exampledomain/your_domain.key
SSLCertificateChainFile /etc/ssl/exampledomain/ca_bundle.crt
<Directory /var/www/exampledomain.com>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Then enable modules and site:
bash
sudo a2enmod ssl
sudo a2ensite exampledomain-ssl.conf
sudo systemctl reload apache2
🔹 Step 3: Nginx SSL Configuration
For Nginx users:
3.1: Place Your Files
bash
sudo mkdir -p /etc/ssl/exampledomain
sudo mv your_domain.crt /etc/ssl/exampledomain/
sudo mv your_domain.key /etc/ssl/exampledomain/
sudo mv ca_bundle.crt /etc/ssl/exampledomain/
3.2: Edit the Server Block
bash
sudo nano /etc/nginx/sites-available/exampledomain.com
Paste:
nginx
server {
listen 443 ssl;
server_name exampledomain.com www.exampledomain.com;
root /var/www/exampledomain.com;
index index.html;
ssl_certificate /etc/ssl/exampledomain/your_domain.crt;
ssl_certificate_key /etc/ssl/exampledomain/your_domain.key;
ssl_trusted_certificate /etc/ssl/exampledomain/ca_bundle.crt;
location / {
try_files $uri $uri/ =404;
}
}
Make sure the config is enabled:
bash
sudo ln -s /etc/nginx/sites-available/exampledomain.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
🔹 Step 4: Redirect HTTP to HTTPS
This helps enforce encryption:
Apache
In your port 80 config:
apache
<VirtualHost *:80>
ServerName exampledomain.com
Redirect permanent / https://exampledomain.com/
</VirtualHost>
Nginx
Add a redirect server block:
nginx
server {
listen 80;
server_name exampledomain.com www.exampledomain.com;
return 301 https://$host$request_uri;
}
🔹 Step 5: Verify SSL is Working
Visit:
Look for the 🔒 padlock and verify the certificate details.
Common Errors & Fixes
ProblemLikely FixBrowser says certificate invalidMissing or incorrect chain fileSSL not loadingWrong file path or permissionsApache/Nginx won’t reloadSyntax errors or ports already in useMixed content warningsSite loads HTTP assets inside HTTPS page
✅ Conclusion
You’ve successfully installed a custom SSL certificate on your VPS! This is perfect when using paid or wildcard certificates, or when managing multiple domains with a custom setup.
You’re now offering a secure, encrypted experience to your visitors—and building trust.