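# Run these as root: the files live under /etc/apache2 and Apache reads the
# private key as root at startup.

# create storage location for cert+key
# -p keeps this re-runnable (a plain mkdir fails if the directory exists, and
# the cd is then skipped, leaving the key in whatever directory you were in);
# mode 700 keeps the directory holding the private key closed to other users.
mkdir -p /etc/apache2/ssl && chmod 700 /etc/apache2/ssl && cd /etc/apache2/ssl
# generate cert+key
# -x509 makes a self-signed certificate, so clients will not trust it unless
# they are told to; -nodes writes the key unencrypted so Apache can start
# unattended, which is why the file permissions below matter.
openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=7362cb9e-13a0-4043-87f3-4a176a8aec64' -keyout key.pem -out cert.pem -days 365
# the key is not passphrase-protected: make sure only root can read it
chmod 600 key.pem
# enable ssl, plus rewrite (the port-80 vhost below uses RewriteEngine/RewriteRule,
# which fail the config check if mod_rewrite is not loaded)
sudo a2enmod ssl
sudo a2enmod rewrite
# set up ssl, and redirect non-ssl
# absolute path: the shell is still in /etc/apache2/ssl after the cd above
cat /etc/apache2/sites-available/default.conf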
# Plain-HTTP vhost: its only job is to send every request to HTTPS.
# RewriteEngine/RewriteRule need mod_rewrite to be enabled (a2enmod rewrite).
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    # NOTE(review): the redirect target is built from the client-supplied Host
    # header. If this server has a known public name, redirecting to that fixed
    # name is safer than echoing whatever Host the request carried.
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Catch-all HTTPS vhost serving /var/www/default.
<VirtualHost _default_:443>
    DocumentRoot /var/www/default

    # Separate logs for this vhost so TLS errors are easy to find.
    ErrorLog ${APACHE_LOG_DIR}/default.ssl.error.log
    CustomLog ${APACHE_LOG_DIR}/default.ssl.access.log combined

    SSLEngine on
    # The key file must be readable by root only; the certificate is public.
    SSLCertificateFile /etc/apache2/ssl/cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/key.pem

    # Expose the standard SSL_* environment variables to scripts only, not to
    # every request.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
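# enable site and restart
a2ensite default
# check the config first: restarting with a broken config (missing module,
# unreadable key, typo) stops the running server and it does not come back up
apache2ctl configtest && systemctl restart apache2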
mostly as a reminder for future-me 🙂